The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Return on Security


Save hours of market research with a weekly review of cybersecurity funding and industry news in 5 minutes, with the occasional deep-drive blog post.

Listed: