CVE-2024-58303

UNKNOWN 0.0

FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

CWE	CWE-1336
Vendor	flarum
Product	friendsofflarum pretty mail
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for flarum friendsofflarum pretty mail

Be the first to know when new unknown vulnerabilities affecting flarum friendsofflarum pretty mail are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Flarum / FriendsofFlarum Pretty Mail

1.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51948 flarum.org: https://flarum.org/ github.com: https://github.com/FriendsOfFlarum/pretty-mail vulncheck.com: https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings

Credits

Chokri Hammedi, <chokri.hammedi@unknown>