From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. **Vulnerability Name**: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
2. **Vulnerability ID**: ZDI-24-105, ZDI-CAN-22506
3. **CVE ID**: CVE-2023-51642
4. **CVSS Score**: 9.8
5. **Affected Vendor**: Allegra
6. **Affected Product**: Allegra
7. **Vulnerability Description**:
   - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Allegra installations.
   - Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with sufficient privilege level.
   - The issue resides in the `loadFieldMatch` method, where user-supplied data is deserialized without proper validation, leading to deserialization of untrusted data. Attackers can leverage this vulnerability to execute code in the local service context.
8. **Additional Information**:
   - Allegra has released an update to fix this vulnerability.
   - More details can be found at the following link: [https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html](https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html)
9. **Disclosure Timeline**:
   - 2023-12-06: Vulnerability reported to vendor
   - 2024-02-09: Coordinated public disclosure of vulnerability advisory
   - 2024-07-01: Advisory updated
10. **Credit**: 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044

This information provides a detailed description of the vulnerability and the remediation measures.