CVE-2023-51646
CVSS 3.0 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-51646 is a Directory Traversal Remote Code Execution vulnerability affecting Allegra's uploadSimpleFile method. This issue permits remote attackers to execute arbitrary code on vulnerable installations, even though authentication is necessary to exploit it. The authentication mechanism can be circumvented, posing a significant threat. The root cause of the vulnerability lies in insufficient validation of user-supplied file paths before their use in file operations. An attacker can exploit this weakness to execute code with LOCAL SERVICE privileges, as identified in ZDI-CAN-22527.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Allegra