DVC Path Traversal Vulnerability Allows Arbitrary Code Execution
CVE-2024-11312
9.8CRITICAL
What is CVE-2024-11312?
The DVC product from TRCore is impacted by a Path Traversal vulnerability that permits unauthenticated remote attackers to upload arbitrary files to system directories without restriction. This flaw could enable the deployment of webshells, resulting in the potential execution of arbitrary code on the affected system. Proper security measures and updates to the DVC are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
DVC 6.0 <= 6.3