CVE-2024-58302
Description
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.
Is your site exposed to CVE-2024-58302?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-58302? +
How do I check if I'm vulnerable to CVE-2024-58302? +
Related Vulnerabilities
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary …
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive …
Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template …
Kirby is an open-source content management system. In versions 5.3.0 and above but prior to 5.4.1, Kirby did not correctly …
A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom …
Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to …