From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
2. Vulnerability IDs:
   - ZDI-24-104
   - ZDI-CAN-22548
3. CVE ID: CVE-2023-52333
4. CVSS Score: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5. Affected Vendor: Allegra
6. Affected Product: Allegra
7. Vulnerability Details:
   - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Allegra installations.
   - Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create users with sufficient privilege levels.
   - The issue resides in the method. The problem stems from user-supplied paths not being properly validated before being used in file operations.
   - Attackers can leverage this vulnerability to execute code in the local service context.
8. Additional Details:
   - Allegra has released an update to fix this vulnerability.
   - More details can be found at the following link: https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html
9. Disclosure Timeline:
   - 2023-12-06 - Vulnerability reported to vendor
   - 2024-02-09 - Coordinated public disclosure of vulnerability advisory
   - 2024-07-01 - Advisory update
10. Credit: 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044

This information provides a detailed description of the vulnerability, including its severity, affected systems and vendors, exploitation methods, and remediation details.
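The root cause named above, a user-supplied path used in a file operation without validation, is shown here as an added example beside the containment check that closes it. This is not Allegra's code or the vendor's fix; the function names, the upload-root parameter and the sample file names are all assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested name resolves outside the upload root."""


def naive_target(base_dir, user_name):
    # Weak pattern: joins the user-supplied name without validating it.
    return os.path.normpath(os.path.join(base_dir, user_name))


def safe_target(base_dir, user_name):
    # Hardened pattern: resolve first, then require containment in the root.
    if "\x00" in user_name:
        raise UnsafePathError("NUL byte in file name")
    root = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute user_name
    # replaces root in the join, which the containment check then rejects.
    candidate = (root / user_name).resolve()
    # Compare path components, not string prefixes, so that a sibling such
    # as "<root>_backup" does not pass as being inside "<root>".
    if candidate == root or root not in candidate.parents:
        raise UnsafePathError(f"{user_name!r} resolves outside {root}")
    return candidate


def check_names(base_dir, names):
    # Returns {name: accepted} for a batch of requested file names.
    results = {}
    for name in names:
        try:
            safe_target(base_dir, name)
            results[name] = True
        except UnsafePathError:
            results[name] = False
    return results


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    with tempfile.TemporaryDirectory() as root:
        samples = ["report.pdf", "sub/notes.txt", "../outside.txt",
                   "/tmp/abs.txt", "../" + Path(root).name + "_backup/x"]
        for name, ok in check_names(root, samples).items():
            print(f"{name!r:40} accepted={ok}")
```

The check belongs on the server at the point where the path is built, immediately before the file operation, so that every caller of the save routine passes through it.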