CNNVD-202512-2052 Information
CNNVD ID
CNNVD-202512-2052
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
Pretty Mail by FriendsOfFlarum是Friends of Flarum开源的一个允许您为电子邮件制作自定义html模板的工具。 Pretty Mail by FriendsOfFlarum 1.1.2版本存在安全漏洞,该漏洞源于电子邮件模板中存在服务器端模板注入,可能导致执行系统命令。
Description (English)
Pretty Mail by Friends OfFlarum is a tool for making custom html templates for e-mail that is open to friends of Flarum. There is a security loophole in Pretty Mail by Friends OfFlarum 1.1.2, which results from the injection of server-end templates in the e-mail template, which may result in the implementation of a system command.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Friends of Flarum
Published
2025-12-11
Last Modified
2026-02-24
References
https://flarum.org/ https://github.com/FriendsOfFlarum/pretty-mail https://www.exploit-db.com/exploits/51948 https://www.vulncheck.com/advisories/fof-pretty-mail-server-side-template-injection-via-email-template-settings
Share on: