Description
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username field to gain unauthorized access without valid credentials.
Core References
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/45816
Third Party Advisory: https://www.vulncheck.com/advisories/gps-tracking-system-sql-injection-via-username-parameter
Scores
CVSS v3: 8.2
EPSS: 0.0031
EPSS Percentile: 53.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-89
Status: published
Published: Mar 06, 2026
Tracked Since: Mar 06, 2026