High severityGHSA Advisory· Published Dec 11, 2025· Updated Apr 15, 2026

CVE-2024-58303

Description

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
fof/pretty-mailPackagist	<= 1.1.2	—

Affected products

FriendsOfFlarum/Pretty MailGHSA
Range: <= 1.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-947q-2xw3-gx9cghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-58303ghsaADVISORY
flarum.orgghsaWEB
www.exploit-db.com/exploits/51948nvdWEB
www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settingsnvdWEB
flarum.orgnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000