exploitDog

GHSA-947q-2xw3-gx9c

Published: 12 Dec 2025
Source: github
Github: Reviewed
CVSS4: 8.6

Description

FoF Pretty Mail has a server-side template injection vulnerability

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

Packages

Name: fof/pretty-mail (composer)
Affected versions: <= 1.1.2
Fixed version: None

EPSS

Percentile: 8%
0.0003
Low

CVSS4: 8.6 High

Weaknesses

CWE-1336

Related vulnerabilities

nvd
about 2 months ago

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
