CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

May 24, 2025

CVE ID : CVE-2025-5131

Published : May 24, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5132 – Tmall Demo Cross-Site Request Forgery Vulnerability

Next Article Reminiscence is a self-hosted bookmark and archive manager

Highlights

CVE-2025-9247 – Linksys Router Stack-Based Buffer Overflow Vulnerability

August 20, 2025

CVE ID : CVE-2025-9247

Published : Aug. 20, 2025, 9:15 p.m. | 3 hours, 35 minutes ago

Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

How Infosys improved accessibility for Event Knowledge using Amazon Nova Pro, Amazon Bedrock and Amazon Elemental Media Services

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

Comodo Internet Security 2025 Vulnerabilities Execute Remote Code With SYSTEM Privilege

CVE-2025-52972 – Apache HTTP Server Command Injection

CVE-2025-9247 – Linksys Router Stack-Based Buffer Overflow Vulnerability

Build scalable containerized RAG based generative AI applications in AWS using Amazon EKS with Amazon Bedrock

L’approssimarsi della fine di Windows 10: è il momento di considerare GNU/Linux e LibreOffice

Redefining CCaaS Solutions Success in the Digital Era

CVE-2025-5131 – Tmall Demo Unrestricted File Upload Vulnerability

Related Posts