- Description
- The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
[CVE-2024-11314: CRITICAL] Warning: TRCore's DVC vulnerable to Path Traversal attack! Unrestricted file uploads permit remote attackers to execute arbitrary code via webshells. #CyberSecurity#cybersecurity,#vulnerability https://t.co/Y4pSUnuDbJ https://t.co/VuuPyTJgpC
@CveFindCom
18 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11314 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbit… https://t.co/H3WDOR2JC4
@CVEnew
18 Nov 2024
375 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEBC9960-DCCF-4107-9B47-F37CD5F4DAF9",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.0"
}
],
"operator": "OR"
}
]
}
]