CVE-2024-40553

MEDIUM

Tmall_demo v2024.07.03 - File Upload

Title source: llm

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.

gitee 2,377 stars

by Mrriver · javawriteup

CVSS v3 4.9

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-434

Status published

Products (1)

project_team/tmall_demo 2024-07-03

Published Jul 15, 2024

Tracked Since Feb 18, 2026