3 matches found
📄 Pretalx Limited File Write / Remote Code Execution
This Metasploit module exploits CVE-2023-28458, a limited file write in Pretalx, up to version 2.3.1. The module will use the vulnerability to write a malicious site-specific configuration hook for Python. Once hook is written, payload will be executed every time Pretalx user runs any Python code...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Organizers can trigger the overwriting with the standard pretalx 404 page content of an arbitrary file...
CVE-2023-28458
CVE-2023-28458 affects Pretalx up to version 2.3.1, where path traversal in the HTML export feature can allow overwriting an arbitrary file with the standard 404 page content. The vulnerability is documented with multiple sources confirming a limited file-write condition that can lead to a broade...