CVE-2024-11311

9.8

Critical

Published:18 Nov 2024

Last updated:17 Jun 2026

Source:twcert@cert.org.tw

Analyzed

Weakness (CWE)

CWE-23CWE-23
CWE-434Unrestricted File Upload
CWE-22Path Traversal

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

References

twcert@cert.org.tw

https://www.twcert.org.tw/en/cp-139-8247-83457-2.html

twcert@cert.org.tw

https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html