PT-2024-16905 · Trcore · Trcore Dvc

Kun Xian Lin · Published 2024-11-17 · Updated 2024-11-20 · CVE-2024-11314

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TRCore DVC versions up to 6.3

Description

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Recommendations

For TRCore DVC versions up to 6.3, patch systems immediately to prevent unauthorized access. As a temporary workaround, consider restricting the types of uploaded files and limiting access to sensitive directories until a patch is available. Prioritize a thorough security audit to identify any additional risks and review logs for signs of compromise.

Fix

Path traversal

Unrestricted File Upload

Relative Path Traversal

Weakness Enumeration

Related Identifiers

CVE-2024-11314

Affected Products

Trcore Dvc