The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

AttackIQ Academy


AttackIQ Academy combats cyberthreats with free courses by top experts. Enjoy hands-on learning in MITRE ATT&CKĀ®, purple teaming, and breach & attack simulation, earning badges and certifications. Enhance your cybersecurity skills at no cost as part of the Informed Defender Community. Join us and become a cybersecurity hero today!

Listed: