pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-20T00:00:00
Updated: 2024-08-02T12:38:25.381Z
Reserved: 2023-03-15T00:00:00
Link: CVE-2023-28459
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-20T21:15:08.823
Modified: 2024-11-21T07:55:07.603
Link: CVE-2023-28459
Redhat
No data.