Vulnerability Details CVE-2022-45968
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-45968
-
cpe:2.3:a:alist_project:alist:3.4.0