CVE-2024-58302
📋 TL;DR
CVE-2024-58302 is a local file inclusion vulnerability in FoF Pretty Mail 1.1.2 that allows administrative users to include arbitrary server files in email templates. Attackers can exploit this to read sensitive system files like /etc/passwd during email generation. This affects Flarum forum installations using the vulnerable FoF Pretty Mail extension.
💻 Affected Systems
- FoF Pretty Mail (FriendsOfFlarum extension)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through reading sensitive configuration files, SSH keys, database credentials, or other critical system files that could lead to privilege escalation or lateral movement.
Likely Case
Information disclosure of sensitive server files including configuration files, user data, or system information that could be used for further attacks.
If Mitigated
Limited impact if proper access controls and file permissions are in place, restricting readable files to non-sensitive data.
🎯 Exploit Status
Exploitation requires administrative privileges. Public exploit code is available on Exploit-DB (ID 51947).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.3 or later
Vendor Advisory: https://github.com/FriendsOfFlarum/pretty-mail
Restart Required: No
Instructions:
1. Update the FoF Pretty Mail extension to version 1.1.3 or later via the Flarum admin panel.
2. Verify the update completed successfully.
3. Clear any cached templates if applicable.
🔧 Temporary Workarounds
Remove vulnerable extension
Temporarily disable or remove the FoF Pretty Mail extension until patched
php flarum extension:disable fof-pretty-mail
php flarum extension:remove fof-pretty-mail
Restrict admin access
Temporarily restrict administrative access to trusted users only
🧯 If You Can't Patch
- Immediately restrict administrative access to only essential, trusted personnel
- Implement file system monitoring for unusual file access patterns from the web application
🔍 How to Verify
Check if Vulnerable:
Check whether the FoF Pretty Mail extension is at version 1.1.2, in the Flarum admin panel or via the command:
php flarum extension:list | grep pretty-mail
Check Version:
php flarum extension:list | grep pretty-mail
Verify Fix Applied:
Verify that the extension version is 1.1.3 or later:
php flarum extension:list | grep pretty-mail
📡 Detection & Monitoring
Log Indicators:
- Unusual file path patterns in email template settings
- Access to sensitive system files from web application logs
- Multiple failed attempts to access restricted files
Network Indicators:
- Unusual outbound data transfers containing system file contents
- Patterns of file inclusion attempts in HTTP requests
SIEM Query:
web_logs WHERE (url_path CONTAINS '/admin/extensions/pretty-mail' AND request_body CONTAINS '../') OR (response_body CONTAINS 'root:x:')
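The SIEM query above as a standalone scanner over constructed sample records: this is an added example, not code from the advisory or the FoF project. It assumes JSON web-log events with src, url_path, request_body and response_body fields, and it goes slightly beyond the literal CONTAINS '../' match by percent-decoding the request body first, so encoded traversal sequences are caught as well.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample web-log events (not real traffic); field names follow the
# advisory's SIEM query: url_path, request_body, response_body, plus a source IP.
SAMPLE_LOGS = [
    '{"src": "203.0.113.5", "url_path": "/admin/extensions/pretty-mail", "request_body": "template=../../etc/passwd", "response_body": ""}',
    '{"src": "203.0.113.6", "url_path": "/admin/extensions/pretty-mail", "request_body": "template=%2e%2e%2f%2e%2e%2fetc%2fhosts", "response_body": ""}',
    '{"src": "198.51.100.2", "url_path": "/admin/extensions/pretty-mail", "request_body": "template=default", "response_body": ""}',
    '{"src": "203.0.113.9", "url_path": "/api/discussions", "request_body": "", "response_body": "root:x:0:0:root:/root:/bin/bash"}',
    '{"src": "198.51.100.7", "url_path": "/api/discussions", "request_body": "", "response_body": "<html>ok</html>"}',
    'not json at all',
]

# Assumed path of the extension's admin settings endpoint, taken from the SIEM query.
SETTINGS_PATH = "/admin/extensions/pretty-mail"
# Matches ../ and ..\ after percent-decoding, so %2e%2e%2f variants are caught too.
TRAVERSAL = re.compile(r"\.\.[/\\]")
# First line of a Unix passwd file; the advisory's query uses the looser 'root:x:'.
PASSWD_SIG = re.compile(r"root:x:0:0:")


def classify(event):
    """Return the list of detection reasons that fire for one log event."""
    reasons = []
    body = unquote(event.get("request_body", ""))
    if SETTINGS_PATH in event.get("url_path", "") and TRAVERSAL.search(body):
        reasons.append("traversal_in_template_setting")
    if PASSWD_SIG.search(event.get("response_body", "")):
        reasons.append("passwd_content_in_response")
    return reasons


def scan(lines):
    """Parse JSON log lines and return one alert dict per suspicious event."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        reasons = classify(event)
        if reasons:
            alerts.append({"src": event.get("src"), "url_path": event.get("url_path"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

A hit on the response-body signature is the stronger indicator, since it means file contents actually left the server, whereas a traversal string in a settings request may be a blocked attempt.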