CVE-2023-28459
Published 2023-04-20
Priority: P3 · 48 · Severity: medium · CVSS 3.1 base score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploit: EPSS 6.65% (93.0th percentile)
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pretalx | pretalx | <= 2.3.1 | — |
| pretalx | pretalx | >= 0 < 60722c43cf975f319e94102e6bff320723776890 | 60722c43cf975f319e94102e6bff320723776890 |
| pretalx | pretalx | >= 0 < 2.3.2 | 2.3.2 |
| pretalx | pretalx | >= 2.3.1 < 2.3.2 | 2.3.2 |
Sources
- OSV (2023-04-20): CVE-2023-28459: pretalx 2 — same description as above.
- OSV (2023-04-20): CVE-2023-28459 [HIGH] pretalx vulnerable to path traversal in HTML export. pretalx before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
- GHSA (2023-04-20): CVE-2023-28459 [HIGH] CWE-22 pretalx vulnerable to path traversal in HTML export — same description as the OSV entry above.
No detection rules found.
No public exploits indexed.
References
- https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
- https://github.com/pretalx/pretalx/releases/tag/v2.3.2
- https://pretalx.com/p/news/security-release-232/
- https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/