PT-2022-27703 · Alist · Alist
Shydlock · Published 2022-12-12 · Updated 2024-08-21 · CVE-2022-45968
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Alist version 3.4.0
Description
The issue allows a user who has only the file upload permission to upload any file to any folder, including password-protected folders.
Recommendations
For Alist version 3.4.0, update to version 3.5.1 to resolve the issue. As a temporary workaround, consider restricting file upload permissions to minimize the risk of exploitation.
Exploit
Fix
Improper Preservation of Permissions
Unrestricted File Upload
Related Identifiers
Affected Products
Alist