- Description
- The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2024-11311 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbit… https://t.co/Q06K32yG5x
@CVEnew
18 Nov 2024
421 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11311: CRITICAL] DVC from TRCore has a Path Traversal vulnerability and unrestricted file uploads, enabling remote attackers to upload files to any directory, risking arbitrary code execution.#cybersecurity,#vulnerability https://t.co/FIjfKBND5B https://t.co/WF5CLd3wxX
@CveFindCom
18 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEBC9960-DCCF-4107-9B47-F37CD5F4DAF9",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.0"
}
],
"operator": "OR"
}
]
}
]