CVE-2024-58302

MEDIUM

FoF Pretty Mail 1.1.2 - Local File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58302. PoCs published by Chokri Hammedi.

AI-analyzed exploit summary: This is a writeup describing a Local File Inclusion (LFI) vulnerability in FoF Pretty Mail 1.1.2. It explains how an attacker with administrative access can include sensitive files in email templates, leading to information disclosure.

Description

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.

Exploits (1)

exploitdb WRITEUP
by Chokri Hammedi · text · webapps · php
https://www.exploit-db.com/exploits/51947

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: FoF Pretty Mail 1.1.2
Auth required
Prerequisites: Administrative access to the Flarum forum · FoF Pretty Mail extension installed and configured
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 6.9
EPSS 0.0006
EPSS Percentile 19.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-98
Status published
Products (1)
Flarum/FriendsofFlarum Pretty Mail 1.1.2
Published Dec 11, 2025
Tracked Since Feb 18, 2026