CRITICAL🇵🇱 Wersja polska

CVE-2023-51639

CVSS 9.8v3.1pub. 2024-11-22upd. 2025-01-03

Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22361.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Alltena Allegra

    APP
    Alltena
    < 7.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path TraversalAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-6216CRITICAL9.8PL ✓ten sam produkt

Allegra: pominięcie uwierzytelnienia przez przewidywalny token odzyskiwania hasła

CVE-2023-51638CRITICAL9.8PL ✓ten sam produkt

Allegra: pominięcie uwierzytelnienia przez zakodowane hasło w bazie danych

CVE-2025-3485HIGH8.8ten sam produkt

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows ...

CVE-2025-3486HIGH8.8ten sam produkt

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows re...

CVE-2023-52333HIGH7.3ten sam produkt

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote att...