From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. **Vulnerability Name**: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
2. **Vulnerability ID**: ZDI-24-106, ZDI-CAN-22505
3. **CVE ID**: CVE-2023-51641
4. **CVSS Score**: 9.8
5. **Affected Vendor**: Allegra
6. **Affected Product**: Allegra
7. **Vulnerability Details**:
   - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Allegra installations.
   - Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that allows creation of a user with sufficient privilege level.
   - The issue lies in the `renderFieldMatch` method, where user-supplied data is deserialized without proper validation, leading to deserialization of untrusted data. Attackers can leverage this to execute code in the local service context.
8. **Additional Details**:
   - Allegra has released an update to fix this vulnerability.
   - More details can be found at the following link: [https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html](https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html)
9. **Disclosure Timeline**:
   - 2023-12-06 - Vulnerability reported to vendor
   - 2024-02-09 - Coordinated public disclosure of vulnerability advisory
   - 2024-07-01 - Advisory update
10. **Credit**: 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044

This information provides a detailed description of the vulnerability, including its severity, affected systems and vendors, and technical details on how the vulnerability can be exploited.