Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for admirorframes by admiror-design-studio

    CVE-2024-5737 (GCVE-0-2024-5737)

    Vulnerability from nvd – Published: 2024-06-28 11:29 – Updated: 2024-08-01 21:18
    VLAI
    Title
    HTML Injection in AdmirorFrames Joomla! Extension
    Summary
    Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    admiror-design-studio admiror_frames Affected: 0 , < 5.0 (custom)
        cpe:2.3:a:admiror-design-studio:admiror_frames:5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:admiror-design-studio:admiror_frames:5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "admiror_frames",
                "vendor": "admiror-design-studio",
                "versions": [
                  {
                    "lessThan": "5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5737",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T21:59:53.619986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T22:01:41.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Script afGdStream.php in\u0026nbsp;AdmirorFrames Joomla! extension doesn\u2019t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Script afGdStream.php in\u00a0AdmirorFrames Joomla! extension doesn\u2019t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:31:21.794Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5737"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML Injection in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5737",
        "datePublished": "2024-06-28T11:29:03.154Z",
        "dateReserved": "2024-06-07T06:09:43.874Z",
        "dateUpdated": "2024-08-01T21:18:07.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5736 (GCVE-0-2024-5736)

    Vulnerability from nvd – Published: 2024-06-28 11:26 – Updated: 2024-08-01 21:18
    VLAI
    Title
    SSRF in AdmirorFrames Joomla! Extension
    Summary
    Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:15:27.174368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:15:34.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5736"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:47:27.875Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5736"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSRF in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5736",
        "datePublished": "2024-06-28T11:26:53.512Z",
        "dateReserved": "2024-06-07T06:09:42.924Z",
        "dateUpdated": "2024-08-01T21:18:06.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5735 (GCVE-0-2024-5735)

    Vulnerability from nvd – Published: 2024-06-28 11:24 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Full Path Disclosure in AdmirorFrames Joomla! Extension
    Summary
    Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5735",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T18:28:13.619096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T18:28:24.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5735"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:31:42.587Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5735"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Full Path Disclosure in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5735",
        "datePublished": "2024-06-28T11:24:18.916Z",
        "dateReserved": "2024-06-07T06:09:41.563Z",
        "dateUpdated": "2024-08-01T21:18:07.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5737 (GCVE-0-2024-5737)

    Vulnerability from cvelistv5 – Published: 2024-06-28 11:29 – Updated: 2024-08-01 21:18
    VLAI
    Title
    HTML Injection in AdmirorFrames Joomla! Extension
    Summary
    Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    admiror-design-studio admiror_frames Affected: 0 , < 5.0 (custom)
        cpe:2.3:a:admiror-design-studio:admiror_frames:5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:admiror-design-studio:admiror_frames:5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "admiror_frames",
                "vendor": "admiror-design-studio",
                "versions": [
                  {
                    "lessThan": "5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5737",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T21:59:53.619986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T22:01:41.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5737"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Script afGdStream.php in\u0026nbsp;AdmirorFrames Joomla! extension doesn\u2019t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Script afGdStream.php in\u00a0AdmirorFrames Joomla! extension doesn\u2019t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:31:21.794Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5737"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTML Injection in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5737",
        "datePublished": "2024-06-28T11:29:03.154Z",
        "dateReserved": "2024-06-07T06:09:43.874Z",
        "dateUpdated": "2024-08-01T21:18:07.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5736 (GCVE-0-2024-5736)

    Vulnerability from cvelistv5 – Published: 2024-06-28 11:26 – Updated: 2024-08-01 21:18
    VLAI
    Title
    SSRF in AdmirorFrames Joomla! Extension
    Summary
    Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:15:27.174368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:15:34.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5736"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:47:27.875Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5736"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSRF in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5736",
        "datePublished": "2024-06-28T11:26:53.512Z",
        "dateReserved": "2024-06-07T06:09:42.924Z",
        "dateUpdated": "2024-08-01T21:18:06.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5735 (GCVE-0-2024-5735)

    Vulnerability from cvelistv5 – Published: 2024-06-28 11:24 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Full Path Disclosure in AdmirorFrames Joomla! Extension
    Summary
    Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Nikola Vasilijevski AdmirorFrames Affected: 0 , < 5.0 (custom)
    Create a notification for this product.
    Credits
    Marcin Wyczechowski [AFINE Team] Michał Majchrowicz [AFINE Team]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5735",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T18:28:13.619096Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T18:28:24.935Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:07.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://github.com/vasiljevski/admirorframes/issues/3"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
              },
              {
                "tags": [
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://github.com/afine-com/CVE-2024-5735"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
              "defaultStatus": "unaffected",
              "platforms": [
                "Joomla!"
              ],
              "product": "AdmirorFrames",
              "repo": "https://github.com/vasiljevski/admirorframes",
              "vendor": "Nikola Vasilijevski",
              "versions": [
                {
                  "lessThan": "5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski [AFINE Team]"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz [AFINE Team]"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
                }
              ],
              "value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u00a0This issue affects AdmirorFrames: before 5.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-28T11:31:42.587Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/vasiljevski/admirorframes/issues/3"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
            },
            {
              "tags": [
                "technical-description"
              ],
              "url": "https://github.com/afine-com/CVE-2024-5735"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Full Path Disclosure in AdmirorFrames Joomla! Extension",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-5735",
        "datePublished": "2024-06-28T11:24:18.916Z",
        "dateReserved": "2024-06-07T06:09:41.563Z",
        "dateUpdated": "2024-08-01T21:18:07.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }