CVE-2023-51646

CVSS 3.0 Score 7.2 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 22

Summary

CVE-2023-51646 is a Directory Traversal Remote Code Execution vulnerability affecting Allegra's uploadSimpleFile method. This issue permits remote attackers to execute arbitrary code on vulnerable installations, even though authentication is necessary to exploit it. The authentication mechanism can be circumvented, posing a significant threat. The root cause of the vulnerability lies in insufficient validation of user-supplied file paths before their use in file operations. An attacker can exploit this weakness to execute code with LOCAL SERVICE privileges, as identified in ZDI-CAN-22527.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share