CVE-2024-5735

HIGH

AdmirorFrames <5.0 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-5735. PoCs published by afine-com.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2024-5735, a Full Path Disclosure vulnerability in the AdmirorFrames Joomla! Extension. The issue arises from the direct use of the `JPATH_BASE` variable in constructing image paths, leading to potential information leakage.

Description

Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension allows an unauthorised attacker to retrieve the location of the web root folder. This issue affects AdmirorFrames: before 5.0.

Exploits (1)

nomisec WRITEUP
by afine-com · poc
https://github.com/afine-com/CVE-2024-5735


Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: AdmirorFrames Joomla! Extension < 5.0
Authentication: No auth needed
Prerequisites: Access to the vulnerable Joomla! extension
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory third-party-advisory
https://cert.pl/en/posts/2024/06/CVE-2024-5735/
Third Party Advisory third-party-advisory
https://cert.pl/posts/2024/06/CVE-2024-5735/
Exploit, Third Party Advisory technical-description
https://github.com/afine-com/CVE-2024-5735

Scores

CVSS v3 7.5
EPSS 0.0152
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-497
Status published
Products (1)
admiror-design-studio/admirorframes < 5.0
Published Jun 28, 2024
Tracked Since Feb 18, 2026