- Description
- The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
CVE-2024-11315 The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbit… https://t.co/nbwXeG2qvw
@CVEnew
18 Nov 2024
545 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11315: CRITICAL] Path Traversal vulnerability in TRCore's DVC allows remote attackers to upload arbitrary files, enabling arbitrary code execution through webshells. #CyberSecurity#cybersecurity,#vulnerability https://t.co/mxdxKUjHPe https://t.co/GTdgDI6sVp
@CveFindCom
18 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEBC9960-DCCF-4107-9B47-F37CD5F4DAF9",
"versionEndExcluding": "6.4",
"versionStartIncluding": "6.0"
}
],
"operator": "OR"
}
]
}
]