CNNVD-202510-3944 Information
Oct 29, 2025
cve
CNNVD ID
CNNVD-202510-3944
Related CVE
- CNNVD Published: 2025-10-29
Description (Chinese)
Allegra是Allegra公司的一款适用于中型企业的项目管理软件。 Allegra存在路径遍历漏洞,该漏洞源于DatabaseBackupBL类中未对用户提供的路径进行适当验证,可能导致服务账户环境下的信息泄露。
Description (English)
Allegra is an Allegra project management software for medium-sized enterprises. Allegra has a loophole in its path, which stems from the failure to properly validate the path provided by the user in the DatabaseBackupBL category, which may lead to the disclosure of information in the service account environment.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
Allegra
Published
2025-10-29
Last Modified
2026-02-24
References
https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-6 https://www.zerodayinitiative.com/advisories/ZDI-25-951/
Patch
https://alltena.com/en/resources/downloads
Share on: