An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file.
https://github.com/Raybye/alldata-bug/blob/main/alldata.md
https://gist.github.com/Raybye/6cf4aa273e12a220056e38bec764d42d