Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Admiror-design-studio
  • Admirorframes

Configuration 1 [-]

cpe:2.3:a:admiror-design-studio:admirorframes:*:*:*:*:*:joomla\!:*:*

No data.

References
Link Providers
https://cert.pl/en/posts/2024/06/CVE-2024-5735/ cve-icon cve-icon
https://cert.pl/posts/2024/06/CVE-2024-5735/ cve-icon cve-icon
https://github.com/afine-com/CVE-2024-5736 cve-icon cve-icon
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736 cve-icon cve-icon
https://github.com/vasiljevski/admirorframes/issues/3 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2024-08-01T21:18:06.930Z

Reserved: 2024-06-07T06:09:42.924Z

Link: CVE-2024-5736

cve-icon Vulnrichment

Updated: 2024-06-28T20:15:31.162Z

cve-icon NVD

Status : Modified

Published: 2024-06-28T12:15:10.923

Modified: 2024-11-21T09:48:15.580

Link: CVE-2024-5736

cve-icon Redhat

No data.