CVE-2023-28458

MEDIUM

Pretalx Limited File Write to Remote Code Execution

Title source: metasploit
Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-28458. PoCs published by Stefan Schiller, msutovsky-r7, including Metasploit module auxiliary/scanner/http/pretalx_file_read_cve_2023_28459.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2023-28459 (arbitrary file read) and CVE-2023-28458 (limited file write) in Pretalx by abusing the schedule export functionality to include arbitrary files via HTML tags. It requires valid credentials and conference details to execute the attack.

Description

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.

Exploits (2)

metasploit · WORKING POC
by Stefan Schiller, msutovsky-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/pretalx_file_read_cve_2023_28459.rb

This Metasploit module exploits CVE-2023-28459 (arbitrary file read) and CVE-2023-28458 (limited file write) in Pretalx by abusing the schedule export functionality to include arbitrary files via HTML tags. It requires valid credentials and conference details to execute the attack.

Classification
Working PoC: 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Pretalx <= 2.3.1
Auth required: yes
Prerequisites: valid user credentials · conference name · media URL path · schedule export permissions
Analyzed by devstral-2 on May 27, 2026
metasploit · WORKING POC · Excellent
by Stefan Schiller, msutovsky-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb

This Metasploit module exploits CVE-2023-28458, a limited file write vulnerability in Pretalx up to version 2.3.1, to achieve remote code execution by writing a malicious Python configuration hook. The exploit requires debug mode to be enabled and valid credentials.

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Pretalx up to version 2.3.1
Auth required: yes
Prerequisites: valid credentials · debug mode enabled · Pretalx version <= 2.3.1
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 4.3
EPSS 0.7680
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
pretalx/pretalx < 2.3.1
pypi/pretalx 2.3.1 - 2.3.2 (PyPI)
Published Apr 20, 2023
Tracked Since Feb 18, 2026