- Description
- The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2024-11312 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lea... https://t.co/Db2VRX3w9s
@VulmonFeeds
18 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11312: CRITICAL] TRCore's DVC is at risk with Path Traversal flaw & unrestricted file uploads. This exposes it to remote attackers for arbitrary code execution using webshells. #CyberSecurity#cybersecurity,#vulnerability https://t.co/0jxBQPI5yq https://t.co/6fBzwUH6
@CveFindCom
18 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11312 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbit… https://t.co/hD0hAfFqHP
@CVEnew
18 Nov 2024
479 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEBC9960-DCCF-4107-9B47-F37CD5F4DAF9",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.0"
}
],
"operator": "OR"
}
]
}
]