← volver
CVE-2024-58303

FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

CVSS 8.6 HIGHEPSS 0.5%CWE-1336
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Flarum · FriendsofFlarum Pretty Mail

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://flarum.org/https://github.com/FriendsOfFlarum/pretty-mailhttps://www.exploit-db.com/exploits/51948https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings