CVE-2024-58302 MEDIUM

CVE-2024-58302: FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

Vendor Flarum

Product FriendsofFlarum Pretty Mail

Weakness CWE-98 · PHP file inclusion

Published December 11, 2025

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.

Key dates

02Disclosure timeline

December 11, 2025 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58302

Related vulnerabilities

CVE-2024-58302: FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

01Description

02Disclosure timeline

03References

04Related CVE