CVE-2025-11466: Arbitrary File Disclosure in TrackPlus Allegra

CVE Information

CVE ID: CVE-2025-11466

Severity: MEDIUM

CVSS v3.1: 4.9, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Vendor: Allegra

Affected Product: Allegra

Vulnerability Type: Arbitrary File Read Via DatabaseBackupBL

Vulnerability Details

This vulnerability allows remote attackers to disclose the contents of any file present on the server (subject to the privileges of the account the application runs as) on affected installations of Allegra. Authentication is required to exploit this vulnerability.

The specific flaw exists within the DatabaseBackupBL class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account.

Proof of Concept

A simple GET request to databaseBackup!download.action?fileName=<path_traversal_payload> will return the contents of the file.
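The root cause described above is a file name taken from the request and handed to file I/O without being confined to the directory it is supposed to come from. The following added example (not Allegra's code, nor code from the advisory) shows the check that is missing, written in Python: the user-supplied name is canonicalised and compared against an allowed base directory before any file is opened, and the same check is then reused to flag traversal attempts in access-log lines. The endpoint name databaseBackup!download.action and the fileName parameter are taken from the page; the backup directory, the function names and the log lines are assumptions constructed for the example.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical location of backup files; Allegra's real directory is not given on the page.
BACKUP_DIR = "/opt/allegra/backups"


def resolve_backup_file(file_name: str, base_dir: str = BACKUP_DIR) -> str:
    """Return the absolute path of a backup file that is guaranteed to live
    inside base_dir, or raise ValueError.

    This is the validation the advisory says DatabaseBackupBL lacks: the
    caller gets a path only after the name has been canonicalised and shown
    to stay under the allowed directory."""
    if not file_name or "\x00" in file_name:
        raise ValueError("empty or NUL-containing file name")
    # A download name must be a bare file name: no slashes of either kind.
    if "/" in file_name or "\\" in file_name:
        raise ValueError("file name must not contain path separators")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, file_name))
    # realpath() resolves "..", "." and symlinks, so a name such as ".."
    # lands outside base and is rejected here rather than by string matching.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the backup directory")
    return candidate


def is_safe_backup_name(file_name: str) -> bool:
    """Boolean wrapper around resolve_backup_file() for log triage."""
    try:
        resolve_backup_file(file_name)
        return True
    except ValueError:
        return False


# Constructed sample access-log lines (not from the page). Only the endpoint
# name and parameter are taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Oct/2025:10:01:02 +0000] "GET /allegra/databaseBackup!download.action?fileName=backup-2025-10-12.zip HTTP/1.1" 200 48213
10.0.0.9 - admin [12/Oct/2025:10:03:44 +0000] "GET /allegra/databaseBackup!download.action?fileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2311
10.0.0.9 - admin [12/Oct/2025:10:03:51 +0000] "GET /allegra/databaseBackup!download.action?fileName=%252e%252e%252fconfig.properties HTTP/1.1" 200 180
10.0.0.7 - bob [12/Oct/2025:10:05:00 +0000] "GET /allegra/issues.action HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_traversal_attempts(log_text: str) -> list:
    """Return (client_ip, decoded fileName) for every request to the download
    action whose fileName would be rejected by resolve_backup_file().

    The value is decoded twice so that double URL-encoding (%252e for "."
    ) does not hide a traversal from the same check the server applies."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("databaseBackup!download.action"):
            continue
        for raw in parse_qs(parts.query).get("fileName", []):
            name = unquote(raw)  # parse_qs decoded once already; this collapses a second layer
            if not is_safe_backup_name(name):
                hits.append((line.split()[0], name))
    return hits


if __name__ == "__main__":
    for client, name in find_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {client}: fileName={name!r}")
```

The same function serves both sides: a fixed download handler would call resolve_backup_file() and open only the path it returns, and a detection rule can replay historic fileName values through it to find requests that the unpatched version would have served. Hunting only for the literal string "../" misses encoded variants; decoding and then applying the real confinement check does not.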


Additional Details

Allegra has issued an update to correct this vulnerability. More details can be found at: Allegra Release Notes 8.1.6.

Disclosure Timeline

References

This research was conducted by the ZDaylabs security team as part of our ongoing commitment to improving application security.
