FoF Pretty Mail Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the FoF Pretty Mail extension for Flarum, specifically in version 1.1.2. This vulnerability allows administrative users to include arbitrary server files in email templates. By inserting file inclusion payloads into the template settings, attackers can read sensitive system files, such as /etc/passwd, during the email generation process.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, potentially disclosing confidential information or system details.

Reproduction

To reproduce this vulnerability, log in as an administrator on a Flarum forum with the Pretty Mail extension installed. Navigate to the extension's settings and edit the default email template. Insert a file inclusion payload, such as a request to include '/etc/passwd', and save the changes. Trigger an email-sending action, such as user registration or password reset, to see the included file's contents in the email.