CVE-2024-58303

FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

CVSS 8.6 HIGHEPSS 0.5%CWE-1336

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Flarum · FriendsofFlarum Pretty Mail

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://flarum.org/https://github.com/FriendsOfFlarum/pretty-mail https://www.exploit-db.com/exploits/51948 https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings