Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TRCore DVC - Arbitrary File Upload through Path Traversal
Vulnerability Description
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
相对路径遍历
Vulnerability Title
TRCore DVC 安全漏洞
Vulnerability Description
TRCore DVC是中国TRCore公司的一个文件保险系统。 TRCore DVC 6.0版本至6.3版本存在安全漏洞,该漏洞源于不限制上传文件类型。攻击者利用该漏洞可以向任意目录上传任意文件,通过上传 webshell 实现任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A