CVE-2024-58302

Sažetak

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.

Reference

https://flarum.org/
https://github.com/FriendsOfFlarum/pretty-mail
https://www.exploit-db.com/exploits/51947
https://www.vulncheck.com/advisories/fof-pretty-mail-local-file-inclusion-via-email-template-settings

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-12-2025 - 15:17

Objavljeno

11-12-2025 - 22:15