CVE-2018-1000881

NONE EPSS 88.7%
Published Dec 20, 20187y ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 20, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later.

Threat Intelligence

EPSS Exploit Probability
88.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
traccarserver* ≤4.0

References 1

  • appcheck-ng.com https://appcheck-ng.com/advisory-remote-code-execution-traccar-server/
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.