
4 matches found

CVE
added 2025/12/11 9:40 p.m. | 5 views

CVE-2024-58302

FoF Pretty Mail 1.1.2 is affected by a Local File Inclusion (LFI) in the Email Template Settings. The weakness allows administrative users to include arbitrary server files during email generation, enabling reading of sensitive files such as /etc/passwd. Root cause is misuse of template processin...

CVSS 6.9 | AI score 6.2 | EPSS 0.00062
Exploits: 0 | References: 4
Cvelist
added 2025/12/11 9:40 p.m. | 17 views

CVE-2024-58302 FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email...

CVSS 6.9 | EPSS 0.00062
Exploits: 0 | References: 4
CNVD
added 2025/10/21 12:0 a.m. | 1 views

Emlog Cross-Site Scripting Vulnerability (CNVD-2025-24787)

Emlog is a PHP and MySQL based CMS builder. Emlog 2.5.21 and earlier versions contain a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the email template settings; an attacker can exploit this vulnerability by...

CVSS 7.6 | AI score 6.5 | EPSS 0.00036
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/04 12:56 a.m. | 5 views

CVE-2025-60447

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

CVSS 5.9 | AI score 5.8 | EPSS 0.00066
Exploits: 1 | References: 1