How severe is CVE-2020-5246?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-5246?

This is classified as CWE-90, which is a common weakness in software security.

CVE-2020-5246 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can modify the logic of the LDAP query and get admin privileges. The issue only impacts instances with LDAP configuration and where users can craft their own names. This has been patched in version 4.9.

Related Vulnerabilities

CVE-2016-8750

MEDIUM

CVSS:6.5(Medium)

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks l...

CWE-902016

CVE-2023-28853

MEDIUM

CVSS:6.5(Medium)

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4...

CWE-902023

CVE-2024-27310

MEDIUM

CVSS:6.5(Medium)

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.

CWE-902024

CVE-2025-27631

MEDIUM

CVSS:6.5(Medium)

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the webs...

CWE-902025

CVE-2019-4297

MEDIUM

CVSS:6.4(Medium)

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit thi...

CWE-902019

CVE-2016-9870

MEDIUM

CVSS:6.7(Medium)

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability...

CWE-902016