Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file system including the Traccar configuration file. Versions 5.8 - 6.0 are only vulnerable if <entry key='web.override'>./override</entry> is set in the configuration file. Versions 6.1 - 6.8.1 are vulnerable by default as the web override is enabled by default. The vulnerable code is removed in version 6.9.0.

N/A

对路径名的限制不恰当(路径遍历)

Traccar 安全漏洞

Traccar是美国Traccar公司的一个基于Java的可提供GPS跟踪功能的建站系统。该软件支持170多种GPS协议和1500多种型号的GPS跟踪设备。Traccar可以与任何主要的SQL数据库系统一起使用。它还提供了易于使用的REST API。 Traccar 6.1版本至6.8.1版本和5.8版本至6.0版本存在安全漏洞，该漏洞源于未经验证的文件包含，可能导致密码泄露或任意文件读取。

N/A

N/A