Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
gps-server.net GPS Tracking Software(self hosted)安全漏洞
Vulnerability Description
gps-server.net GPS Tracking Software(self hosted)是一款GPS定位跟踪程序。该程序能够管理跟踪历史、报告、事件和通知等。 gps-server.net GPS Tracking Software(self hosted)2.x版本中存在安全漏洞,该漏洞源于程序可借助未认证的请求重置密码,并向管理员发送带有可预测密码的邮件。远程攻击者可通过预测新密码利用该漏洞获取访问权限。
CVSS Information
N/A
Vulnerability Type
N/A