CVE-2018-1000881
NONE EPSS 88.7%
Published Dec 20, 20187y ago · Modified Jun 17, 20262w ago
Published Dec 20, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later.
Threat Intelligence
EPSS Exploit Probability
88.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| traccar | server | * | ≤4.0 |
References 1
- appcheck-ng.com https://appcheck-ng.com/advisory-remote-code-execution-traccar-server/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.