CVE-2023-28459
published 2023-04-20


CVSS 3.1: 6.5 (medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Priority: P3 (48)
Exploit: EXPLOIT
EPSS: 6.65% (93.0th percentile)
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
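The bug class is a client-controlled file name that ends up selecting a file outside the export directory. The following is an added example written for this page, not pretalx's code and not the fix shipped in 2.3.2 (the page does not show that diff): a containment check that a server-side export routine would run before opening any file named by an uploaded document. The function name, the directory layout and the sample inputs are all assumptions constructed for the demonstration.

```python
"""Path-containment check for the bug class behind CVE-2023-28459.

Added example, not pretalx's code: any file name taken from an uploaded HTML
document (or any other client-controlled string) must never select a file
outside the export directory.
"""
import os
import tempfile
from pathlib import Path, PurePosixPath
from typing import Optional


def safe_export_path(export_root: str, requested: str) -> Optional[str]:
    """Return `requested` normalised to a path relative to `export_root`,
    or None if it would resolve to anything outside that directory.

    Two independent checks:
      1. a lexical one on the untrusted string: absolute paths, '..' parts,
         empty paths and NUL bytes are rejected before touching the filesystem;
      2. a filesystem one on the resolved path, which catches symlinks that
         point outside the root even when the string itself looked harmless.
    """
    if "\x00" in requested:
        return None
    rel = PurePosixPath(requested)          # also collapses '.' segments
    if rel.is_absolute() or not rel.parts or ".." in rel.parts:
        return None
    root = Path(export_root).resolve()
    candidate = (root / Path(*rel.parts)).resolve()   # resolve() follows symlinks
    try:
        return candidate.relative_to(root).as_posix()
    except ValueError:                      # resolved outside the export root
        return None


def run_demo() -> dict:
    """Constructed inputs exercised against a throwaway export tree."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as root:
        secret = Path(outside) / "secret.txt"          # stands in for /etc/passwd
        secret.write_text("not part of the export\n")
        talks = Path(root) / "talks"
        talks.mkdir()
        (talks / "index.html").write_text("<html></html>\n")
        # A symlink planted inside the export tree (e.g. via an archive upload)
        # would slip past the lexical check alone; resolve() exposes it.
        try:
            os.symlink(secret, talks / "logo.svg")
            symlink_made = True
        except OSError:                     # platform without symlink support
            symlink_made = False
        results = {
            "normal": safe_export_path(root, "talks/index.html"),
            "dot_segment": safe_export_path(root, "./talks/./index.html"),
            "dotdot": safe_export_path(root, "../" * 8 + "etc/passwd"),
            "absolute": safe_export_path(root, "/etc/passwd"),
            "nested_dotdot": safe_export_path(root, "talks/../../" + secret.name),
            "nul_byte": safe_export_path(root, "talks/index.html\x00.png"),
            "symlink": safe_export_path(root, "talks/logo.svg") if symlink_made else None,
        }
        return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:14s} -> {'rejected' if outcome is None else outcome}")
```

Two design notes. The lexical check rejects any `..` component even when it would normalise back inside the root, which is deliberately stricter than a pure `normpath` comparison; a legitimate export never needs it. Percent-decoding (and any other decoding the web layer applies) must happen before this function sees the string, otherwise `..%2f` passes as a harmless file name and is decoded later by something else.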

Affected (4 ranges)

Vendor    Product   Version range                                          Fixed in
pretalx   pretalx   <= 2.3.1
pretalx   pretalx   >= 0 < 60722c43cf975f319e94102e6bff320723776890       60722c43cf975f319e94102e6bff320723776890
pretalx   pretalx   >= 0 < 2.3.2                                           2.3.2
pretalx   pretalx   >= 2.3.1 < 2.3.2                                       2.3.2