CVE-2017-17713

Name of the Vulnerable Software and Affected Versions Trape versions prior to 2017-11-05

Description The issue allows for SQL injection through various parameters and HTTP headers, including the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, and several /register parameters such as country, countryCode, cpu, isp, lat, lon, org, query, region, regionName, timezone, vId, and zip, as well as the /tping id parameter.

Recommendations For Trape versions prior to 2017-11-05, consider restricting access to the vulnerable API endpoints, such as /nr and /register, and avoid using the specified parameters, including red, vId, User-Agent, country, countryCode, cpu, isp, lat, lon, org, query, region, regionName, timezone, zip, and id, until a fix is applied.