Directory Traversal
AstrBot is vulnerable to Directory Traversal. The vulnerability is due to the handler function installpluginupload of the interface '/plugin/install-upload' parsing the filename from the request body provided by the user, and directly using the filename to assign to filepath without checking the...