CVE-2024-58302

FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

CVSS 6.9 MEDIUMEPSS 0.3%CWE-98

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

Flarum · FriendsofFlarum Pretty Mail

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://flarum.org/https://github.com/FriendsOfFlarum/pretty-mail https://www.exploit-db.com/exploits/51947 https://www.vulncheck.com/advisories/fof-pretty-mail-local-file-inclusion-via-email-template-settings