PT-2018-6399 · Unknown · Gps Tracking

Noman Riffat · Published 2018-01-02 · Updated 2018-01-18 · CVE-2017-17098

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GPS Tracking Software (self-hosted), versions through 3.0
Description: The issue allows remote attackers to inject arbitrary PHP code via a crafted request; the crafted input is mishandled during admin log viewing. For example, using <?php system($_GET[cmd]); ?> in a login request can demonstrate this issue.
Recommendations: For versions through 3.0, consider disabling the writeLog function in fn_common.php as a temporary workaround until a patch is available. Restrict access to admin log viewing to minimize the risk of exploitation. Avoid using the cmd variable in requests until the issue is resolved.
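The defect class described above, as an added illustration that is not the project's own code: a hypothetical log writer whose file the admin viewer executes, next to a hardened writer/viewer pair. The function names, file paths and the probe string are constructed for the example; the real writeLog in fn_common.php is not reproduced here.

```php
<?php
// Added illustration (not the GPS Tracking project's code). Shows why writing raw
// request data into a log that the admin panel later executes is dangerous, and
// one hardened shape. Function names and paths are constructed for this example.

// Hypothetical vulnerable shape: the log is a .php file that the viewer include()s,
// so any "<?php ... ?>" sequence in a request field runs with the web server's rights.
function writeLogVulnerable(string $logFile, string $user, string $msg): void {
    file_put_contents($logFile, date('c') . " login user=$user $msg\n", FILE_APPEND);
}
function viewLogVulnerable(string $logFile): void {
    include $logFile; // executes any PHP embedded in a logged request field
}

// Hardened: the log lives outside the web root with a non-executable extension,
// control characters and PHP/HTML-significant characters are neutralized on write,
// and the viewer treats the file strictly as text.
function writeLogSafe(string $logFile, string $user, string $msg): void {
    $clean = static function (string $s): string {
        $s = preg_replace('/[\x00-\x1F\x7F]/', '?', $s);          // no newline/log splitting
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); // "<?php" becomes "&lt;?php"
    };
    $line = date('c') . ' login user=' . $clean($user) . ' ' . $clean($msg) . "\n";
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}
function viewLogSafe(string $logFile): string {
    // Never include(): read the log as text and escape again at render time.
    $text = (string) file_get_contents($logFile);
    return '<pre>' . htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</pre>';
}

// Constructed demo input carrying a PHP tag, as an untrusted login field might.
$probe   = '<?php echo "injected"; ?>';
$safeLog = sys_get_temp_dir() . '/gps_admin.log'; // outside the web root, not .php
writeLogSafe($safeLog, $probe, 'failed login');
echo viewLogSafe($safeLog); // the tag appears as literal text; nothing is executed
```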

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2017-17098

Affected Products: Gps Tracking