HIGH🇵🇱 Wersja polska

CVE-2023-50729

CVSS 8.4v3.1pub. 2024-01-15upd. 2024-11-21

Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Traccar

    APP
    Traccar
    < 5.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-7746CRITICAL9.5PL ✓ten sam produkt

Traccar Server – pominięcie uwierzytelnienia przez domyślne dane logowania

CVE-2024-31214CRITICAL9.6PL ✓ten sam produkt

Traccar: nieograniczony upload plików prowadzący do RCE

CVE-2026-25648HIGH8.7ten sam produkt

Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authent...

CVE-2025-68930HIGH7.1ten sam produkt

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSoc...

CVE-2026-25649HIGH7.3ten sam produkt

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which a...