Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for FriendsofFlarum Pretty Mail by Flarum
CVE-2024-58303 (GCVE-0-2024-58303)
Vulnerability from cvelistv5 – Published: 2025-12-11 21:40 – Updated: 2026-04-07 14:08
VLAI
Title
FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings
Summary
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine (SSTI)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51948 | exploit |
| https://flarum.org/ | product |
| https://github.com/FriendsOfFlarum/pretty-mail | product |
| https://www.vulncheck.com/advisories/fof-pretty-m… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Flarum | FriendsofFlarum Pretty Mail |
Affected:
1.1.2
|
Date Public
2024-04-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:35:25.679403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:39:20.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FriendsofFlarum Pretty Mail",
"vendor": "Flarum",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedi, \u003cchokri.hammedi@unknown\u003e"
}
],
"datePublic": "2024-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.\u003c/p\u003e"
}
],
"value": "FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine (SSTI)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:47.092Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51948",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51948"
},
{
"name": "Flarum Homepage",
"tags": [
"product"
],
"url": "https://flarum.org/"
},
{
"name": "Pretty Mail GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/FriendsOfFlarum/pretty-mail"
},
{
"name": "VulnCheck Advisory: FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58303",
"datePublished": "2025-12-11T21:40:26.839Z",
"dateReserved": "2025-12-11T11:49:20.718Z",
"dateUpdated": "2026-04-07T14:08:47.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58302 (GCVE-0-2024-58302)
Vulnerability from cvelistv5 – Published: 2025-12-11 21:40 – Updated: 2026-04-07 14:08
VLAI
Title
FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings
Summary
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51947 | exploit |
| https://flarum.org/ | product |
| https://github.com/FriendsOfFlarum/pretty-mail | product |
| https://www.vulncheck.com/advisories/fof-pretty-m… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Flarum | FriendsofFlarum Pretty Mail |
Affected:
1.1.2
|
Date Public
2024-04-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:34:00.864871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:34:10.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FriendsofFlarum Pretty Mail",
"vendor": "Flarum",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedii"
}
],
"datePublic": "2024-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.\u003c/p\u003e"
}
],
"value": "FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:46.295Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51947",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51947"
},
{
"name": "Flarum Homepage",
"tags": [
"product"
],
"url": "https://flarum.org/"
},
{
"name": "Pretty Mail GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/FriendsOfFlarum/pretty-mail"
},
{
"name": "VulnCheck Advisory: FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fof-pretty-mail-local-file-inclusion-via-email-template-settings"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58302",
"datePublished": "2025-12-11T21:40:09.699Z",
"dateReserved": "2025-12-11T00:58:28.457Z",
"dateUpdated": "2026-04-07T14:08:46.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58303 (GCVE-0-2024-58303)
Vulnerability from nvd – Published: 2025-12-11 21:40 – Updated: 2026-04-07 14:08
VLAI
Title
FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings
Summary
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine (SSTI)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51948 | exploit |
| https://flarum.org/ | product |
| https://github.com/FriendsOfFlarum/pretty-mail | product |
| https://www.vulncheck.com/advisories/fof-pretty-m… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Flarum | FriendsofFlarum Pretty Mail |
Affected:
1.1.2
|
Date Public
2024-04-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:35:25.679403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:39:20.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FriendsofFlarum Pretty Mail",
"vendor": "Flarum",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedi, \u003cchokri.hammedi@unknown\u003e"
}
],
"datePublic": "2024-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.\u003c/p\u003e"
}
],
"value": "FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine (SSTI)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:47.092Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51948",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51948"
},
{
"name": "Flarum Homepage",
"tags": [
"product"
],
"url": "https://flarum.org/"
},
{
"name": "Pretty Mail GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/FriendsOfFlarum/pretty-mail"
},
{
"name": "VulnCheck Advisory: FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58303",
"datePublished": "2025-12-11T21:40:26.839Z",
"dateReserved": "2025-12-11T11:49:20.718Z",
"dateUpdated": "2026-04-07T14:08:47.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58302 (GCVE-0-2024-58302)
Vulnerability from nvd – Published: 2025-12-11 21:40 – Updated: 2026-04-07 14:08
VLAI
Title
FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings
Summary
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51947 | exploit |
| https://flarum.org/ | product |
| https://github.com/FriendsOfFlarum/pretty-mail | product |
| https://www.vulncheck.com/advisories/fof-pretty-m… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Flarum | FriendsofFlarum Pretty Mail |
Affected:
1.1.2
|
Date Public
2024-04-02 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:34:00.864871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:34:10.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FriendsofFlarum Pretty Mail",
"vendor": "Flarum",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flarum:flarum:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedii"
}
],
"datePublic": "2024-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.\u003c/p\u003e"
}
],
"value": "FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:46.295Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51947",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51947"
},
{
"name": "Flarum Homepage",
"tags": [
"product"
],
"url": "https://flarum.org/"
},
{
"name": "Pretty Mail GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/FriendsOfFlarum/pretty-mail"
},
{
"name": "VulnCheck Advisory: FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fof-pretty-mail-local-file-inclusion-via-email-template-settings"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58302",
"datePublished": "2025-12-11T21:40:09.699Z",
"dateReserved": "2025-12-11T00:58:28.457Z",
"dateUpdated": "2026-04-07T14:08:46.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}