CVE-2024-5736

HIGH

Admiror-design-studio Admirorframes < 5.0 - SSRF

Title source: rule

Description

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

Exploits (1)

nomisec WRITEUP

by afine-com · poc

https://github.com/afine-com/CVE-2024-5736

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://cert.pl/en/posts/2024/06/CVE-2024-5735/

[Third Party Advisory] https://cert.pl/posts/2024/06/CVE-2024-5735/

[Issue Tracking] https://github.com/vasiljevski/admirorframes/issues/3

[Exploit, Third Party Advisory] https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736

[Exploit, Third Party Advisory] https://github.com/afine-com/CVE-2024-5736

Scores

CVSS v3 7.5

EPSS 0.2882

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

admiror-design-studio/admirorframes < 5.0

Published Jun 28, 2024

Tracked Since Feb 18, 2026