CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2025/12/11 10:7 p.m.•2 views

PHP Remote File Inclusion

Overview fof/pretty-mail is a Create HTML email for Flarum Affected versions of this package are vulnerable to PHP Remote File Inclusion via the email template processing. An attacker can access arbitrary files on the server by injecting file inclusion payloads into the template configuration...

6.9CVSS6.9AI score0.00062EPSS

Exploits0References2

Snyk•added 2025/12/11 10:7 p.m.•1 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview fof/pretty-mail is a Create HTML email for Flarum Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

8.6CVSS7AI score0.00024EPSS

Exploits0References2

CVE•added 2025/12/11 9:40 p.m.•4 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 has a server-side template injection vulnerability in email template processing that lets an administrator inject code and trigger arbitrary system commands during email generation. Affected component: FoF Pretty Mail (likely package foF/pretty-mail) with internal Blade temp...

8.6CVSS8AI score0.00024EPSS

Vulnrichment•added 2025/12/11 9:40 p.m.•1 views

CVE-2024-58303 FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

8.6CVSS6.5AI score0.00024EPSS

Vulnrichment•added 2025/12/11 9:40 p.m.•1 views

CVE-2024-58302 FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

CVE•added 2025/12/11 9:40 p.m.•3 views

CVE-2024-58302

FoF Pretty Mail 1.1.2 is affected by a Local File Inclusion (LFI) in the Email Template Settings. The weakness allows administrative users to include arbitrary server files during email generation, enabling reading of sensitive files such as /etc/passwd. Root cause is misuse of template processin...

Cvelist•added 2025/12/11 9:40 p.m.•17 views

CVE-2024-58302 FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

6.9CVSS0.00062EPSS

CNNVD•added 2025/12/11 12:0 a.m.•2 views

Pretty Mail by FriendsOfFlarum 安全漏洞

Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from a server-side template injection in an email template that could...

8.6CVSS6.9AI score0.00024EPSS

Positive Technologies•added 2025/12/11 12:0 a.m.•2 views

PT-2025-50755

Name of the Vulnerable Software and Affected Versions FoF Pretty Mail version 1.1.2 Description FoF Pretty Mail version 1.1.2 has a local file inclusion issue. Administrative users can include arbitrary server files in email templates. An attacker can exploit the template settings by inserting fi...

CNNVD•added 2025/12/11 12:0 a.m.•2 views

Exploits0References6

Pretty Mail by FriendsOfFlarum 安全漏洞

Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from the presence of a local file inclusion in an email template that...

Exploit DB•added 2024/04/02 12:0 a.m.•240 views

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection SSTI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

0day.today•added 2024/04/01 12:0 a.m.•202 views

FoF Pretty Mail 1.1.2 Server-Side Template Injection Vulnerability

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS...

8.4AI score

0day.today•added 2024/04/01 12:0 a.m.•191 views

FoF Pretty Mail 1.1.2 Local File Inclusion Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail...

0day.today•added 2024/04/01 12:0 a.m.•205 views

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

Packet Storm•added 2024/03/29 12:0 a.m.•252 views

FoF Pretty Mail 1.1.2 Local File Inclusion

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF...