CVE-2022-45968

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder even a password protected one...

Vulnerability in MG2 php based Image Gallery - bypass security, view password protected images

The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be:...