CVE-2024-58303

FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

Description

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

INFO

Published Date :

2025-12-11T21:40:26.839Z

Last Modified :

2026-04-07T14:08:47.092Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2024-58303 vulnerability.

Vendors	Products
Flarum	Flarum Pretty Mail

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-58303.

URL	Resource
https://flarum.org/
https://github.com/FriendsOfFlarum/pretty-mail
https://www.exploit-db.com/exploits/51948
https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability