CVE-2023-28458
published 2023-04-20


Priority: P4
CVSS 3.1 base score: 4.3 (medium)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploit: available
EPSS: 3.43% (87.4th percentile)
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.

Affected

3 ranges

Vendor  | Product | Version range                                              | Fixed in
pretalx | pretalx | <= 2.3.1                                                   |
pretalx | pretalx | >= 0, < commit 60722c43cf975f319e94102e6bff320723776890    | commit 60722c43cf975f319e94102e6bff320723776890
pretalx | pretalx | >= 2.3.1, < 2.3.2                                          | 2.3.2

Detection & IOCs (extracted from sources)

Version: pretalx <= 2.3.1
  • Monitor for unexpected file writes outside the expected HTML export directory, particularly writes of the standard pretalx 404 page content to arbitrary filesystem paths; such writes indicate path traversal exploitation.
  • Exploitation via the Metasploit module requires pretalx to be running in debug mode; treat debug mode being enabled in the pretalx configuration as a prerequisite indicator.
  • Inspect HTTP requests to the HTML export feature for path traversal sequences (e.g. '../') in export-related parameters, focusing on the organizer-accessible HTML export endpoint.
  • The HTML export feature is non-default; instances that have not explicitly enabled it are not exposed to this vulnerability.
  • Full RCE via the Metasploit exploit chain requires pretalx to be running in debug mode; without debug mode, exploitation is limited to arbitrary file overwrite with 404 page content.
  • The vulnerability is exploitable only by authenticated organizer-level users, not by unauthenticated attackers.
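The request-inspection bullet above, as an added detection example that is not part of this record: it scans constructed web-server access-log lines (Common Log Format) for requests to an export endpoint whose URL carries a dot-dot segment, decoding percent-encoding so that encoded and double-encoded variants are also caught. The export route and the `target` parameter are assumptions chosen for illustration; this page does not name pretalx's actual HTML export URL or parameters.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format), not real pretalx traffic.
# The export route and the "target" parameter are assumptions for illustration;
# this page does not name pretalx's actual HTML export URL or parameters.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Apr/2023:10:00:01 +0000] "GET /orga/event/demo/schedule/export/ HTTP/1.1" 200 512
10.0.0.5 - - [20/Apr/2023:10:00:07 +0000] "POST /orga/event/demo/schedule/export/?target=../../../../etc/hosts HTTP/1.1" 302 0
10.0.0.9 - - [20/Apr/2023:10:01:15 +0000] "POST /orga/event/demo/schedule/export/?target=%2e%2e%2f%2e%2e%2fsettings.py HTTP/1.1" 302 0
10.0.0.7 - - [20/Apr/2023:10:02:00 +0000] "GET /demo/schedule/ HTTP/1.1" 200 9000
10.0.0.7 - - [20/Apr/2023:10:02:30 +0000] "GET /static/img/..thumbs/logo.png HTTP/1.1" 404 0
"""

# Substring that identifies the HTML export endpoint (assumed; adjust to your deployment).
EXPORT_PATH_HINT = "/export/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path segment: not glued to a preceding name ("..thumbs" is a file name,
# "a../" is not a traversal) and followed by a separator or the end of the string.
TRAVERSAL_RE = re.compile(r'(?<![\w.])\.\.(?=[/\\]|$)')


def has_traversal(url: str) -> bool:
    """True if the URL contains a dot-dot segment, including percent-encoded forms."""
    decoded = url
    for _ in range(2):          # two rounds also catch double-encoded %252e%252e%252f
        decoded = unquote(decoded)
    return TRAVERSAL_RE.search(decoded) is not None


def find_suspicious_export_requests(log_text: str, export_hint: str = EXPORT_PATH_HINT) -> list:
    """Return parsed log entries that hit the export endpoint with a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not in CLF
        url = m.group("url")
        if export_hint in url and has_traversal(url):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "url": url, "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_export_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['url']} ({hit['status']})")
```

A hit is only a lead: correlate it with the organizer session that issued the request and with unexpected file writes on the host before treating it as confirmed exploitation.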