Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-51643

4.7MEDIUM

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 22 November 2024

What is CVE-2023-51643?

The Allegra uploadFile method has a vulnerability that permits remote attackers to execute arbitrary code on the affected installations. This issue arises from inadequate validation of user-supplied paths prior to their utilization in file operations. Although the exploitation necessitates authentication, the authentication mechanism can be circumvented, enabling attackers to leverage the flaw effectively. Successful exploitation allows the execution of code with the privileges of the LOCAL SERVICE account, posing a significant risk to system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Allegra 7.5.0 build 29

References

https://www.zerodayinitiative.com/advisories/ZDI-24-103/

x_research-advisory

https://www.trackplus.com/en/service/release-notes-reader...

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Dec 20, 2023

JSON

Allegra