Unrestricted Upload of File with Dangerous Type
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
Alist v3.4.0 is vulnerable to Directory Traversal,
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).