CVE-2023-50729 HIGH

CVE-2023-50729: An unrestricted file upload vulnerability in traccar leads to RCE

Vendor Traccar
Product traccar
Weakness CWE-434 · Unrestricted file upload
Published January 15, 2024
Last update June 17, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Traccar is an open source GPS tracking system. Prior to version 5.11, Traccar is affected by an unrestricted file upload vulnerability in the File feature that allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as the root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability.

Key dates

02 Disclosure timeline

January 15, 2024 CVE published
June 17, 2025 Record updated