CVE-2020-5246

CVE-2020-5246

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9.

Source: CVE-2020-5246

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다