CVE-2024-5736 HIGH

CVE-2024-5736: SSRF in AdmirorFrames Joomla! Extension

Vendor Nikola Vasilijevski

Product AdmirorFrames

Weakness CWE-918 · SSRF

Published June 28, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green

What the vulnerability does

01Description

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Key dates

02Disclosure timeline

June 28, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5736 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery CVE-2024-54000 Mobile Security Framework (MobSF) bypass of SSRF fix CVE-2024-32454 WordPress Wappointment plugin <= 2.6.0 - Server Side Request Forgery (SSRF) vulnerability CVE-2024-51665 WordPress Magical Addons For Elementor plugin <= 1.2.1 - Server Side Request Forgery (SSRF) vulnerability CVE-2022-1213 SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat