Unrated severityNVD Advisory· Published Nov 18, 2024· Updated Nov 18, 2024

TRCore DVC - Arbitrary File Upload through Path Traversal

CVE-2024-11311

Description

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Affected products

Trcore/Dvcv5
Range: 6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/en/cp-139-8247-83457-2.htmlmitrethird-party-advisory
www.twcert.org.tw/tw/cp-132-8246-d462a-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000