The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

IT Security Guru


IT Security Guru is the home of IT Security and Cybersecurity news in the UK, Europe and the World. Get the latest industry news and articles here.

Listed: