History: Jun 28, 2024 - 11:26 a.m.

CVE-2024-5736 SSRF in AdmirorFrames Joomla! Extension

2024-06-28 11:26:53
CWE-918
CERT-PL
github.com
Tags: ssrf, admirorframes, joomla, extension, afgdstream.php, vulnerability, access, local files, server pages

CVSS4: 8.2
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N/AU:Y/U:Green/R:U/V:D/RE:L

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 29.5%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

A Server-Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows access to local files or to server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

CNA Affected

[
  {
    "repo": "https://github.com/vasiljevski/admirorframes",
    "vendor": "Nikola Vasilijevski",
    "product": "AdmirorFrames",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.0",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Joomla!"
    ],
    "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
    "defaultStatus": "unaffected"
  }
]
