CNNVD-202510-264 Information
CNNVD ID
CNNVD-202510-264
Related CVE
- CNNVD Published: 2025-10-02
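Description (translated from Chinese)
Traccar is a Java-based website-building system from the US company Traccar that provides GPS tracking functionality. The software supports more than 170 GPS protocols and more than 1,500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It also provides an easy-to-use REST API. Traccar versions 6.1 to 6.8.1 and versions 5.8 to 6.0 contain a security vulnerability that stems from unverified file inclusion and may lead to password disclosure or arbitrary file read.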
Description (English)
Traccar is a Java-based site-building system that provides GPS tracking. The software supports more than 170 GPS protocols and more than 1,500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It also provides an easy-to-use REST API. Traccar versions 6.1 to 6.8.1 and 5.8 to 6.0 have a security vulnerability, which originates from unverified file inclusion and may lead to password leaks or arbitrary file read.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Traccar
Published
2025-10-02
Last Modified
2026-02-24
References
https://github.com/traccar/traccar/blob/v6.8.1/src/main/java/org/traccar/web/DefaultOverrideServlet.java
https://github.com/traccar/traccar/security/advisories/GHSA-hprc-rph8-fj87
https://projectblack.io/blog/jetty-addpath-lfi