Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-6216 PoC — Allegra 授权问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2025/CVE-2025-6216.yaml
Associated Vulnerability
Title:Allegra 授权问题漏洞 (CVE-2025-6216)
Description:Allegra是Allegra公司的一款适用于中型企业的项目管理软件。 Allegra存在授权问题漏洞,该漏洞源于密码恢复机制依赖可预测值,可能导致认证绕过。
Description
Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application.
File Snapshot

 id: CVE-2025-6216

info:
  name: Allegra - Authentication Bypass via Predictable Password Reset Toke

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.