exploitDog

CVE-2024-11315

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Ссылки

https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8254-8daa2-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.4 (исключая)

EPSS

Процентиль: 90%

0.0516

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-23

CWE-22

Связанные уязвимости

GHSA-pr37-gvg2-qr9v

CVSS3: 9.8

github

около 1 года назад

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

EPSS

Процентиль: 90%

0.0516

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-23

CWE-22