CVE-2024-58302

UNKNOWN 0.0

FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.

CWE	CWE-98
Vendor	flarum
Product	friendsofflarum pretty mail
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for flarum friendsofflarum pretty mail

Be the first to know when new unknown vulnerabilities affecting flarum friendsofflarum pretty mail are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Flarum / FriendsofFlarum Pretty Mail

1.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51947 flarum.org: https://flarum.org/ github.com: https://github.com/FriendsOfFlarum/pretty-mail vulncheck.com: https://www.vulncheck.com/advisories/fof-pretty-mail-local-file-inclusion-via-email-template-settings

Credits

Chokri Hammedii