Allegra Database Backup Directory Traversal Information Disclosure Vulnerability

Vulnerability

A directory traversal vulnerability leading to information disclosure has been identified in Allegra versions prior to 8.1.6 and 7.5.2.76. The flaw lies in the DatabaseBackupBL class, which fails to validate a user-supplied file path before using it in file operations, so a path containing '../' segments (or an absolute path) is not confined to the backup directory. An authenticated attacker can exploit this to read files in the context of the service account, i.e. anything that account can read on the server.
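The flaw class described above, modelled in Python as an added example (this is not Allegra's code, and the DatabaseBackupBL implementation is not reproduced here): a resolver that joins the request's file name onto the backup directory without a containment check, beside a hardened resolver that canonicalises the result and insists it is a direct child of the backup directory. The directory layout, file names and file contents in demo() are constructed for illustration; the assumption that backups live flat in one directory is also the example's, not the advisory's.

```python
"""Illustrative model of the flaw class: a backup-download handler that joins a
user-supplied file name onto the backup directory without checking that the
result stays inside it, beside a hardened resolver. Added example, not
Allegra's code."""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested name would resolve outside the backup directory."""


def resolve_unsafe(backup_dir: str, file_name: str) -> str:
    # Vulnerable pattern: the caller's segments are trusted, so "../" walks out
    # of backup_dir, and an absolute file_name replaces backup_dir entirely.
    return os.path.normpath(os.path.join(backup_dir, file_name))


def resolve_safe(backup_dir: str, file_name: str) -> str:
    # Hardened pattern: canonicalise both sides (symlinks included) and insist
    # the result is a direct child of the backup directory. Backup files are
    # assumed to live flat in that directory, so nested names are rejected too.
    base = Path(backup_dir).resolve()
    candidate = (base / file_name).resolve()
    if candidate.parent != base:
        raise PathTraversalError(f"refusing {file_name!r}: escapes {base}")
    return str(candidate)


def demo() -> dict:
    """Run both resolvers against a legitimate name, a '../' payload and an
    absolute path in a throwaway directory tree (all contents constructed)."""
    root = Path(tempfile.mkdtemp(prefix="allegra-demo-"))
    backups = root / "allegra" / "backups"
    backups.mkdir(parents=True)
    legit = "allegra-2025-10-29.sql"
    (backups / legit).write_text("-- constructed backup dump\n")
    secret = root / "allegra" / "conf" / "db.properties"
    secret.parent.mkdir()
    secret.write_text("password=constructed-not-real\n")

    traversal = "../conf/db.properties"  # the '../' style the advisory describes
    results = {
        "unsafe_legit": resolve_unsafe(str(backups), legit),
        "unsafe_traversal": resolve_unsafe(str(backups), traversal),
        "unsafe_absolute": resolve_unsafe(str(backups), str(secret)),
        "safe_legit": resolve_safe(str(backups), legit),
    }
    # The unsafe resolver hands the handler a path it will happily read out.
    results["unsafe_leaks_secret"] = (
        Path(results["unsafe_traversal"]).read_text().startswith("password=")
    )
    for label, name in (("safe_traversal", traversal), ("safe_absolute", str(secret))):
        try:
            resolve_safe(str(backups), name)
            results[label] = "served"
        except PathTraversalError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value}")
```

The containment check compares resolved paths rather than looking for '../' in the string: string filters miss encoded or mixed-separator variants, while resolve() also follows symlinks, so a link inside the backup directory that points elsewhere is rejected as well.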

Impact

Exploitation of this vulnerability allows an authenticated user to disclose sensitive information from the server, limited only by what the service account can read, potentially leading to unauthorized access or exposure of confidential data.

Reproduction

To reproduce this vulnerability, an authenticated user with administrative privileges sends a request to the '/databaseBackup/download.action' endpoint with a crafted 'fileName' parameter that uses '../' sequences to step out of the backup directory. The request can be sent from a web browser or from any tool that allows HTTP request manipulation, such as a REST client, an intercepting proxy or a web application testing tool. A response that returns the contents of a file outside the backup directory confirms the flaw; a patched version should refuse the request instead.
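For the defensive side of the reproduction above, here is an added detection check (not part of the advisory, and not Allegra tooling) that scans web-server access logs for requests to '/databaseBackup/download.action' whose 'fileName' parameter carries a traversal sequence. It goes slightly beyond the literal '../' in the text by decoding nested percent-encoding and treating backslashes and absolute paths as traversal too. The log lines, IP addresses and user names are constructed for illustration, and the combined log format is an assumption about how the front-end proxy logs requests.

```python
"""Detection check: flag access-log requests to the Allegra backup download
endpoint whose fileName parameter carries a traversal sequence. Added example;
log lines, IPs and user names are constructed, not captured from a real
Allegra instance."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/databaseBackup/download.action"
PARAM = "fileName"

# Constructed sample lines in combined log format (assumed: Allegra sits behind
# a reverse proxy that logs the request line and the authenticated user).
SAMPLE_LOG = """\
10.0.0.5 - admin [29/Oct/2025:20:20:01 +0000] "GET /databaseBackup/download.action?fileName=allegra-2025-10-29.sql HTTP/1.1" 200 52430
10.0.0.9 - admin [29/Oct/2025:20:21:14 +0000] "GET /databaseBackup/download.action?fileName=../../conf/db.properties HTTP/1.1" 200 912
10.0.0.9 - admin [29/Oct/2025:20:21:40 +0000] "GET /databaseBackup/download.action?fileName=..%2F..%2Fconf%2Fdb.properties HTTP/1.1" 200 912
10.0.0.9 - admin [29/Oct/2025:20:22:05 +0000] "GET /databaseBackup/download.action?fileName=%252e%252e%252fconf%252fdb.properties HTTP/1.1" 404 -
10.0.0.7 - bob [29/Oct/2025:20:23:00 +0000] "GET /issueList.action?page=../ HTTP/1.1" 200 7100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding; attackers double-encode to slip past
    filters that decode only once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(file_name: str) -> bool:
    """True if the name steps out of a directory ('..' segment), is absolute,
    or names a Windows drive; backslashes count as separators."""
    name = fully_decode(file_name).replace("\\", "/")
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True
    return ".." in name.split("/")


def scan(log_text: str) -> list:
    """Return one record per request that targets the endpoint with a
    traversal-style fileName, whatever the response status: a 404 still
    shows someone probing."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        # parse_qs decodes one layer; is_traversal() handles deeper layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append({
                    "ip": m["ip"], "user": m["user"], "time": m["ts"],
                    "status": m["status"], "fileName": fully_decode(value),
                })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['user']} "
              f"status={hit['status']} fileName={hit['fileName']}")
```

Because the endpoint is only reachable by an administrator, every hit is worth a look: either an admin account has been compromised or a legitimate tester is at work, and the 'user' field in the record tells you which account to check.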

Remediation

Users are advised to update to Allegra 8.1.6, or to 7.5.2.76 for installations on the 7.5 branch, and to re-test the '/databaseBackup/download.action' endpoint afterwards to confirm that traversal attempts are refused.

Added: Oct 29, 2025, 8:20 PM
Updated: Oct 29, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  3.1
  remediation     7.7
  relevance       0.8
  threat          1.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.