Описание
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0 (включая) до 6.4 (исключая)
cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.0516
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-23
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
около 1 года назад
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
EPSS
Процентиль: 90%
0.0516
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-23
CWE-22