CVE-2024-58303
📋 TL;DR
CVE-2024-58303 is a server-side template injection vulnerability in FoF Pretty Mail 1.1.2 that allows administrative users to inject malicious code into email templates. This enables attackers to execute arbitrary system commands during email generation, potentially compromising the entire server. Only Flarum forum installations with the Pretty Mail extension are affected.
💻 Affected Systems
- FriendsOfFlarum Pretty Mail
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise allowing attackers to execute arbitrary commands, steal data, install malware, pivot to other systems, and maintain persistent access.
Likely Case
Administrative account compromise leading to data exfiltration, defacement, or installation of backdoors on the Flarum server.
If Mitigated
Limited impact if administrative accounts are properly secured with strong authentication and monitoring.
🎯 Exploit Status
Exploitation requires administrative credentials. Public exploit code is available on Exploit-DB (ID 51948).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.3 or later
Vendor Advisory: https://github.com/FriendsOfFlarum/pretty-mail
Restart Required: No
Instructions:
1. Update the Pretty Mail extension to version 1.1.3 or later via Flarum's admin panel.
2. Verify the update completed successfully.
3. Clear any cached templates if applicable.
🔧 Temporary Workarounds
Disable Pretty Mail Extension
Temporarily disable the vulnerable extension until patching is possible
php flarum extension:disable fof-pretty-mail
Restrict Administrative Access
Implement strict access controls and multi-factor authentication for administrative accounts
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the Flarum server from critical systems
- Enable detailed logging and monitoring of administrative actions and email template modifications
🔍 How to Verify
Check if Vulnerable:
Check the Pretty Mail extension version in the Flarum admin panel or via Composer:
composer show fof/pretty-mail
Check Version:
composer show fof/pretty-mail | grep version
Verify Fix Applied:
Confirm the extension version is 1.1.3 or higher and test email template functionality
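An added shell example (not from this advisory or the FoF project) that turns the Composer check above into a scripted test: it parses the `versions` line of `composer show fof/pretty-mail` output and reports whether the installed version is below the fixed 1.1.3. The Composer output embedded below is constructed sample text, and the `versions : * 1.1.2` line layout is assumed to match what Composer 2 prints.

```shell
#!/bin/sh
# Added example: decide whether the installed fof/pretty-mail is older than the
# fixed release (1.1.3, per the advisory). Works on the text of
# `composer show fof/pretty-mail`; the samples below are constructed.

FIXED_VERSION="1.1.3"

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Compares each numeric component; missing components count as 0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".");
    k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1
  }'
}

# pretty_mail_version TEXT: print the installed version found on the
# "versions : * X.Y.Z" line (leading "v" stripped), or nothing if absent.
pretty_mail_version() {
  printf '%s\n' "$1" | awk '/^versions/ {
    for (i = 1; i <= NF; i++)
      if ($i ~ /^v?[0-9]+\.[0-9]+/) { sub(/^v/, "", $i); print $i; exit }
  }'
}

# pretty_mail_vulnerable TEXT: exit 0 if the version is below 1.1.3,
# 1 if it is fixed, 2 if no version could be parsed (e.g. a dev branch).
pretty_mail_vulnerable() {
  v="$(pretty_mail_version "$1")"
  [ -n "$v" ] || { echo "could not determine fof/pretty-mail version" >&2; return 2; }
  version_lt "$v" "$FIXED_VERSION"
}

# Constructed sample output, in the shape `composer show` prints.
SAMPLE_VULNERABLE='name     : fof/pretty-mail
descrip. : Pretty email templates for Flarum
versions : * 1.1.2'
SAMPLE_FIXED='name     : fof/pretty-mail
versions : * 1.1.3'

# Live use: run from the Flarum root, e.g.
#   pretty_mail_vulnerable "$(composer show fof/pretty-mail)" && echo "VULNERABLE"
```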
📡 Detection & Monitoring
Log Indicators:
- Unusual administrative login patterns
- Modifications to email templates containing suspicious template expressions
- Unexpected system command execution in server logs
Network Indicators:
- Unusual outbound connections from the Flarum server
- Email generation spikes coinciding with suspicious activity
SIEM Query:
source="flarum_logs" AND (event="template_modification" OR event="admin_login") AND user="admin"