cvebase

Alltena Allegra vulnerabilities

21 known vulnerabilities affecting alltena/allegra.

Total CVEs: 21
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 8, MEDIUM 10

Vulnerabilities

Page 1 of 2
CVE-2025-6216 | P1 | CRITICAL | CVSS 9.8 | PoC | ≥ 7.0.0, < 7.5.2.70; ≥ 8.0.0, < 8.1.24 | 2025-06-21
CVE-2025-6216 [CRITICAL] CWE-640: Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance
nvd
CVE-2023-51639 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51639 [CRITICAL] CWE-22: Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the l
nvd
CVE-2023-51638 | P2 | CRITICAL | CVSS 9.8 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51638 [CRITICAL] CWE-798: Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded p
nvd
CVE-2025-3485 | P2 | HIGH | CVSS 8.8 | fixed in 8.1.2 | 2025-06-06
CVE-2025-3485 [HIGH] CWE-22: Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results fro
nvd
CVE-2025-3486 | P2 | HIGH | CVSS 8.8 | fixed in 8.1.2 | 2025-05-22
CVE-2025-3486 [HIGH] CWE-22: Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from th
nvd
CVE-2023-51644 | P3 | HIGH | CVSS 7.3 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51644 [HIGH] CWE-284: Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper acce
nvd
CVE-2023-52333 | P3 | HIGH | CVSS 7.3 | fixed in 7.5.1 | 2024-11-22
CVE-2023-52333 [HIGH] CWE-22: Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege l
nvd
CVE-2024-5581 | P3 | HIGH | CVSS 7.2 | fixed in 7.5.2 | 2024-11-22
CVE-2024-5581 [HIGH] CWE-22: Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a use
nvd
CVE-2023-52332 | P3 | HIGH | CVSS 7.5 | fixed in 7.5.1 | 2024-11-22
CVE-2023-52332 [HIGH] CWE-22: Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serveMathJaxLibraries method. The issue results from
nvd
CVE-2024-5580 | P3 | HIGH | CVSS 7.2 | fixed in 7.5.2 | 2024-11-22
CVE-2024-5580 [HIGH] CWE-502: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of p
nvd
CVE-2024-5579 | P3 | HIGH | CVSS 7.2 | fixed in 7.5.2 | 2024-11-22
CVE-2024-5579 [HIGH] CWE-502: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the renderFieldMatch method. The issue results from the lack
nvd
CVE-2024-30372 | P3 | MEDIUM | CVSS 6.3 | fixed in 7.5.1 | 2024-11-22
CVE-2024-30372 [MEDIUM] CWE-1336: Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getLinkText method. The issue results from
nvd
CVE-2023-51641 | P3 | MEDIUM | CVSS 6.3 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51641 [MEDIUM] CWE-502: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user wi
nvd
CVE-2023-51642 | P3 | MEDIUM | CVSS 6.3 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51642 [MEDIUM] CWE-502: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with
nvd
CVE-2023-52334 | P3 | MEDIUM | CVSS 6.5 | fixed in 7.5.1 | 2024-11-22
CVE-2023-52334 [MEDIUM] CWE-22: Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user w
nvd
CVE-2023-51648 | P3 | MEDIUM | CVSS 6.5 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51648 [MEDIUM] CWE-22: Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new
nvd
CVE-2023-51647 | P3 | MEDIUM | CVSS 4.7 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51647 [MEDIUM] CWE-22: Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveIn
nvd
CVE-2023-51643 | P3 | MEDIUM | CVSS 4.7 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51643 [MEDIUM] CWE-22: Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadFile
nvd
CVE-2023-51646 | P3 | MEDIUM | CVSS 4.7 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51646 [MEDIUM] CWE-22: Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uplo
nvd
CVE-2023-51640 | P3 | MEDIUM | CVSS 4.7 | fixed in 7.5.1 | 2024-11-22
CVE-2023-51640 [MEDIUM] CWE-22: Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ext
nvd