CVE-2024-5735

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.

Ссылки

https://cert.pl/en/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://github.com/afine-com/CVE-2024-5735
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735
Exploit
Third Party Advisory
https://github.com/vasiljevski/admirorframes/issues/3
Issue Tracking
https://cert.pl/en/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://github.com/afine-com/CVE-2024-5735
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735
Exploit
Third Party Advisory
https://github.com/vasiljevski/admirorframes/issues/3
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:admiror-design-studio:admirorframes:*:*:*:*:*:joomla\!:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 97%

0.30207

Средний

7.5 High

CVSS3

Дефекты

CWE-497

NVD-CWE-Other

Связанные уязвимости

GHSA-4f69-vpc6-qrx2