VYPR

Pretty Mail

by FriendsOfFlarum

Source repositories

CVEs (2)

  • CVE-2024-58303HigDec 11, 2025
    risk 0.56cvss epss 0.01

    FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution…

  • CVE-2024-58302MedDec 11, 2025
    risk 0.45cvss epss 0.00

    FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like…