CVE-2023-28458

MEDIUM

Pretalx Limited File Write to Remote Code Execution

Title source: metasploit

Description

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Stefan Schiller, msutovsky-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb

View Code ZIP pw:eip

References (4)

[Patch] https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890

[Release Notes] https://github.com/pretalx/pretalx/releases/tag/v2.3.2

[Vendor Advisory] https://pretalx.com/p/news/security-release-232/

[Exploit, Patch, Third Party Advisory] https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/

Scores

CVSS v3 4.3

EPSS 0.7006

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-22

Status published

Products (2)

pretalx/pretalx < 2.3.1

pypi/pretalx 2.3.1 - 2.3.2PyPI

Published Apr 20, 2023

Tracked Since Feb 18, 2026