- Description
- The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
[CVE-2024-11313: CRITICAL] Path Traversal vulnerability in DVC from TRCore allows remote attackers to upload arbitrary files, enabling arbitrary code execution through uploaded webshells. #cybersecurity#cybersecurity,#vulnerability https://t.co/IhsttEnrx0 https://t.co/JRKIx4xmCd
@CveFindCom
18 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11313 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbit… https://t.co/hpP3RzWXc8
@CVEnew
18 Nov 2024
479 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEBC9960-DCCF-4107-9B47-F37CD5F4DAF9",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.0"
}
],
"operator": "OR"
}
]
}
]