Vulnerability Description
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
Related Weaknesses (CWE)
References
- https://flarum.org/
- https://github.com/FriendsOfFlarum/pretty-mail
- https://www.exploit-db.com/exploits/51948
- https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-inject
FAQ
What is CVE-2024-58303?
CVE-2024-58303 is a documented vulnerability. FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by i...
How severe is CVE-2024-58303?
CVSS scoring is not yet available for CVE-2024-58303. Check NVD for updates.
Is there a patch for CVE-2024-58303?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.