CVE-2024-5736

Опубликовано: 28 июн. 2024

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Ссылки

https://cert.pl/en/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://github.com/afine-com/CVE-2024-5736
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736
Exploit
Third Party Advisory
https://github.com/vasiljevski/admirorframes/issues/3
Issue Tracking
https://cert.pl/en/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
Third Party Advisory
https://github.com/afine-com/CVE-2024-5736
Exploit
Third Party Advisory
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736
Exploit
Third Party Advisory
https://github.com/vasiljevski/admirorframes/issues/3
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:admiror-design-studio:admirorframes:*:*:*:*:*:joomla\!:*:*

Версия до 5.0 (исключая)

EPSS

Процентиль: 96%

0.28818

Средний

7.5 High

CVSS3

Дефекты

CWE-918