
cpe:2.3:a:alltena:allegra:7.5.0build29:*:*:*:*:*:*:*

part: a version: 7.5.0build29 update: *

Vendor: Alltena (7e0ffc73-e81d-570d-a952-c8574e3a329f)
Product: Allegra (49fda470-485b-54f1-99d9-7718a2f10ce8)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2023-52334 vulnerable 2026-06-08 06:17:54.813375 Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability
HIGH (7.5)
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the downloadAttachmentGlobal action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22507.
Published: 2024-11-22T20:05:14.057Z
Updated: 2024-11-25T16:34:24.154Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-52333 vulnerable 2026-06-08 06:17:54.812894 Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
CRITICAL (9.8)
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the saveFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22548.
Published: 2024-11-22T20:05:12.977Z
Updated: 2024-11-25T16:39:04.735Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-52332 vulnerable 2026-06-08 06:17:54.812130 Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability
HIGH (7.5)
Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serveMathJaxLibraries method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22532.
Published: 2024-11-22T20:05:12.032Z
Updated: 2024-11-25T16:40:16.446Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51648 vulnerable 2026-06-08 06:17:53.665488 Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability
HIGH (7.5)
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege level. The specific flaw exists within the getFileContentAsString method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22530.
Published: 2024-11-22T20:05:10.665Z
Updated: 2024-11-25T16:40:23.608Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51647 vulnerable 2026-06-08 06:17:53.665097 Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability
HIGH (7.2)
Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveInlineEdit method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22528.
Published: 2024-11-22T20:05:09.693Z
Updated: 2024-11-25T16:40:30.168Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51646 vulnerable 2026-06-08 06:17:53.664584 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51645 vulnerable 2026-06-08 06:17:53.664112 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51644 vulnerable 2026-06-08 06:17:53.663717 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51643 vulnerable 2026-06-08 06:17:53.663188 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51642 vulnerable 2026-06-08 06:17:53.662433 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51641 vulnerable 2026-06-08 06:17:53.662035 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51640 vulnerable 2026-06-08 06:17:53.661389 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51639 vulnerable 2026-06-08 06:17:53.660701 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51638 vulnerable 2026-06-08 06:17:53.658452 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
