Alltena Allegra vulnerabilities
21 known vulnerabilities affecting alltena/allegra.
Total CVEs: 21
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 8, MEDIUM 10
Vulnerabilities
Page 1 of 2
CVE-2025-6216 | P1 | CRITICAL | CVSS 9.8 | CWE-640 | PoC | ≥ 7.0.0, < 7.5.2.70; ≥ 8.0.0, < 8.1.24 | 2025-06-21
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the password recovery mechanism. The issue results from reliance
nvd
CVE-2023-51639 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloadExportedChart action. The issue results from the l
nvd
CVE-2023-51638 | P2 | CRITICAL | CVSS 9.8 | CWE-798 | fixed in 7.5.1 | 2024-11-22
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded p
nvd
CVE-2025-3485 | P2 | HIGH | CVSS 8.8 | CWE-22 | fixed in 8.1.2 | 2025-06-06
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the extractFileFromZip method. The issue results fro
nvd
CVE-2025-3486 | P2 | HIGH | CVSS 8.8 | CWE-22 | fixed in 8.1.2 | 2025-05-22
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from th
nvd
CVE-2023-51644 | P3 | HIGH | CVSS 7.3 | CWE-284 | fixed in 7.5.1 | 2024-11-22
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of Struts. The issue results from improper acce
nvd
CVE-2023-52333 | P3 | HIGH | CVSS 7.3 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege l
nvd
CVE-2024-5581 | P3 | HIGH | CVSS 7.2 | CWE-22 | fixed in 7.5.2 | 2024-11-22
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a use
nvd
CVE-2023-52332 | P3 | HIGH | CVSS 7.5 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the serveMathJaxLibraries method. The issue results from
nvd
CVE-2024-5580 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 7.5.2 | 2024-11-22
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the loadFieldMatch method. The issue results from the lack of p
nvd
CVE-2024-5579 | P3 | HIGH | CVSS 7.2 | CWE-502 | fixed in 7.5.2 | 2024-11-22
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the renderFieldMatch method. The issue results from the lack
nvd
CVE-2024-30372 | P3 | MEDIUM | CVSS 6.3 | CWE-1336 | fixed in 7.5.1 | 2024-11-22
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of getLinkText method. The issue results from
nvd
CVE-2023-51641 | P3 | MEDIUM | CVSS 6.3 | CWE-502 | fixed in 7.5.1 | 2024-11-22
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user wi
nvd
CVE-2023-51642 | P3 | MEDIUM | CVSS 6.3 | CWE-502 | fixed in 7.5.1 | 2024-11-22
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with
nvd
CVE-2023-52334 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user w
nvd
CVE-2023-51648 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new
nvd
CVE-2023-51647 | P3 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the saveIn
nvd
CVE-2023-51643 | P3 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the uploadFile
nvd
CVE-2023-51646 | P3 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the uplo
nvd
CVE-2023-51640 | P3 | MEDIUM | CVSS 4.7 | CWE-22 | fixed in 7.5.1 | 2024-11-22
Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the ext
nvd