PT-2024-13959 · Traccar · Traccar

Isacaya · Published 2024-01-15 · Updated 2024-01-19 · CVE-2023-50729

CVSS v3.1: 8.4 High

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Traccar versions prior to 5.11

Description

Traccar, an open source GPS tracking system, is affected by an unrestricted file upload vulnerability in the File feature. This allows attackers to execute arbitrary code on the server. The issue is more prevalent because of the recommendation to run Traccar web servers as the root user, which also makes it more dangerous: the server can write or overwrite files in arbitrary locations.

Recommendations

For versions prior to 5.11, update to version 5.11 to fix the vulnerability. As a temporary workaround, consider restricting access to the File feature until the update is applied.

Exploit

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2023-50729
GHSA-PQF7-8G85-VX2Q

Affected Products

Traccar