CVE-2026-37430

HIGH

qihang-wms 75c15a - Arbitrary File Upload

Title source: llm

Description

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.

References (2)

Core 2

Core References

https://github.com/Y4y17/CVE/blob/main/%E5%90%AF%E8%88%AA%E7%94%B5%E5%95%86WMS/Security%20vulnerability.md

View Writeup ZIP pw:eip

https://gist.github.com/Y4y17/6587147a37eba5b31de832e067f317ef

Scores

CVSS v3 7.3

EPSS 0.0028

EPSS Percentile 19.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-434

Status published

Published May 13, 2026

Tracked Since May 13, 2026