CVE-2017-17098

CVE-2017-17098

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.

Source: CVE-2017-17098

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다