Vulnerability in Flarum Friendsofflarum Pretty Mail
CVE-2024-58302
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to…
EPSS: 0.003 (22.1th percentile) — read the EPSS interpretation.
Affected products
- Flarum Friendsofflarum Pretty Mail — versions 1.1.2
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)