CVE-2020-5246

Name of the Vulnerable Software and Affected Versions Traccar GPS Tracking System versions prior to 4.9

Description The issue is related to LDAP injection, which occurs when user input is used in LDAP search filters. An attacker can provide specially crafted input to modify the LDAP query logic and gain admin privileges. This issue only affects instances with LDAP configuration where users can create their own names.

Recommendations For versions prior to 4.9, update to version 4.9 to resolve the issue. As a temporary workaround, consider restricting user input in LDAP search filters or limiting user privileges to minimize the risk of exploitation.