CVE-2024-58303

EUVD-2024-55329
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Common Weakness Enumeration
References
https://flarum.org/
https://github.com/FriendsOfFlarum/pretty-mail
https://www.exploit-db.com/exploits/51948
https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings