FoF Pretty Mail Server-Side Template Injection Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A server-side template injection (SSTI) vulnerability has been identified in the FoF Pretty Mail extension for Flarum, specifically in version 1.1.2. The extension lets administrators edit the email templates the forum sends, and the template text is evaluated by the template engine when an email is generated. Because the template is treated as code rather than as inert text, an administrator can insert crafted template expressions that are executed on the server during email generation, leading to arbitrary code execution.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where Flarum is hosted. Because editing the email template requires administrator privileges, the boundary crossed is that between a forum administrator account and the underlying host: an administrator (or an attacker who has obtained administrator access) gains the ability to run code as the web server user, which matters most on shared or managed hosting where the forum administrator is not the operator of the server.
Reproduction
To reproduce this vulnerability, log in as an administrator on a Flarum forum with the Pretty Mail extension installed. Navigate to the Pretty Mail extension settings and edit the default email template. Insert a payload consisting of template expressions, such as a mathematical operation or a system command. Save the changes and trigger an action that sends an email, such as user registration or a password reset. If the email received contains the result of the injected expressions (for example, the computed value of the mathematical operation rather than its literal text), the template engine evaluated them on the server, demonstrating successful execution of the injected code.
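The pattern behind the Vulnerability and Reproduction sections, as an added example that is not code from FoF Pretty Mail or Flarum. It assumes the template engine is Twig (the advisory does not name the engine) and that the twig/twig package has been installed with Composer so that the autoloader path below exists; the admin-edited template string is constructed for the illustration. It shows an admin-controlled template rendered by a plain Twig environment, where every filter and function is reachable, beside the same template rendered inside Twig's sandbox with an explicit allowlist, where a filter outside the allowlist aborts rendering.

```php
<?php
// Added illustration, not code from FoF Pretty Mail. Assumes Twig 3 as the
// template engine (an assumption; the advisory does not name it) and that
// twig/twig was installed with Composer so this autoloader exists.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed stand-in for an admin-edited email template. Whoever can write
// this string controls template *code*, not just text: each {{ ... }} expression
// is evaluated on the server when the email is built.
$adminTemplate = <<<'TWIG'
Hello {{ username }},
Debug: {{ 7 * 7 }}
Shout: {{ username|upper }}
Doubled: {{ [1, 2, 3]|map(n => n * 2)|join(',') }}
TWIG;

$context = ['username' => 'alice'];

// 1. Vulnerable pattern: a plain Environment renders whatever the admin wrote.
//    Every tag, filter and function Twig ships with, plus anything the host
//    application registered, is reachable from the template.
$unsafe = new Environment(new ArrayLoader());
echo "--- unsandboxed ---\n";
echo $unsafe->createTemplate($adminTemplate)->render($context), "\n";

// 2. Hardened pattern: render untrusted templates inside Twig's sandbox with an
//    explicit allowlist. Only simple formatting filters are permitted; filters
//    that accept callables (map, filter, reduce, sort) are deliberately absent.
//    Note that the sandbox restricts which filters, functions, methods and
//    properties are reachable; plain expressions such as 7 * 7 still evaluate.
$policy = new SecurityPolicy(
    ['if', 'for'],                        // allowed tags
    ['escape', 'upper', 'lower', 'join'], // allowed filters ("escape" is needed for autoescaping)
    [],                                   // allowed methods on objects
    [],                                   // allowed properties
    []                                    // allowed functions
);
$safe = new Environment(new ArrayLoader());
$safe->addExtension(new SandboxExtension($policy, true)); // true = always sandboxed

echo "--- sandboxed ---\n";
try {
    echo $safe->createTemplate($adminTemplate)->render($context), "\n";
} catch (SecurityError $e) {
    // The disallowed "map" filter fails the security check that runs at the
    // start of rendering, so no output from the template is produced.
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

The first render prints the computed values (49, ALICE, 2,4,6), which is exactly the signal the Reproduction section describes: arithmetic or other expressions in the email template come back evaluated. The second render is rejected because `map` is not on the allowlist. The practitioner's check is therefore twofold: confirm that the template store is only writable by trusted administrators, and confirm that the renderer runs admin-supplied templates under a sandbox policy that excludes every filter, function and method capable of reaching the filesystem, the shell or arbitrary PHP callables.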