CVE-2024-11312

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
Configurations

Configuration 1 (hide)

cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*

History

20 Nov 2024, 15:16

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8249-65252-2.html - () https://www.twcert.org.tw/en/cp-139-8249-65252-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html - () https://www.twcert.org.tw/tw/cp-132-8248-8dac9-1.html - Third Party Advisory
CPE cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*
First Time Trcore
Trcore dvc
CWE CWE-22

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) El DVC de TRCore tiene una vulnerabilidad de Path Traversal y no restringe los tipos de archivos cargados. Esto permite que atacantes remotos no autenticados carguen archivos arbitrarios en cualquier directorio, lo que lleva a la ejecución de código arbitrario al cargar webshells.

18 Nov 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-18 07:15

Updated : 2024-11-20 15:16


NVD link : CVE-2024-11312

Mitre link : CVE-2024-11312

CVE.ORG link : CVE-2024-11312


JSON object : View

Products Affected

trcore

  • dvc
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-23

Relative Path Traversal