CVE-2024-58303

Summary

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

Affected Software

VendorProductVersion RangeStatus
FlarumFriendsofFlarum Pretty Mail1.1.2affected

Weaknesses

  • CWE-1336: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine (SSTI)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References