Public CVE-2024-40524 disclosure

Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.