← voltar
CVE-2024-58303

FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

CVSS 8.6 HIGHEPSS 0.5%CWE-1336
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Flarum · FriendsofFlarum Pretty Mail

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://flarum.org/https://github.com/FriendsOfFlarum/pretty-mailhttps://www.exploit-db.com/exploits/51948https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings