Tmall_demo vulnerable to arbitrary file upload
CVE-2024-40555

5.3MEDIUM

Key Information:

Vendor: Tmall
Status: Tmall Demo
Vendor: CVE Published:; 15 July 2024

What is CVE-2024-40555?

An arbitrary file upload vulnerability was identified in the Tmall_demo product version 2024.07.03. This vulnerability enables attackers to upload files to the server without proper validation, potentially allowing the execution of malicious scripts or unauthorized access to sensitive information. Organizations using the affected version should assess their security posture and implement appropriate mitigations to prevent exploitation of this vulnerability. Further details of the issue can be referenced on the Tmall project's issue tracker.

References

https://gitee.com/project_team/Tmall_demo/issues/IAAO1T

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024

CVE-2024-40555 Data

JSON