CVE-2024-11313 CRITICAL

CVE-2024-11313: TRCore DVC - Arbitrary File Upload through Path Traversal

Vendor Trcore

Product DVC

Weakness CWE-23

Published November 18, 2024

Last update November 18, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Key dates

02Disclosure timeline

November 18, 2024 CVE published

November 18, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11313

Related vulnerabilities

CVE-2024-11313: TRCore DVC - Arbitrary File Upload through Path Traversal

01Description

02Disclosure timeline

03References

04Related CVE