CVE ID | CVE-2024-5735 |
Publication date | 28 June 2024 |
Vendor | Nikola Vasilijevski |
Product | AdmirorFrames |
Vulnerable versions | All before 5.0 |
Vulnerability type (CWE) | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) |
Report source | Report to CERT Polska |

CVE ID | CVE-2024-5736 |
Publication date | 28 June 2024 |
Vendor | Nikola Vasilijevski |
Product | AdmirorFrames |
Vulnerable versions | All before 5.0 |
Vulnerability type (CWE) | Server-Side Request Forgery (SSRF) (CWE-918) |
Report source | Report to CERT Polska |

CVE ID | CVE-2024-5737 |
Publication date | 28 June 2024 |
Vendor | Nikola Vasilijevski |
Product | AdmirorFrames |
Vulnerable versions | All before 5.0 |
Vulnerability type (CWE) | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') (CWE-79) |
Report source | Report to CERT Polska |
Description
CERT Polska has received a report about vulnerabilities in the AdmirorFrames Joomla! extension and participated in the coordination of their disclosure.
The vulnerability CVE-2024-5735 is a Full Path Disclosure vulnerability in the afHelper.php script that allows an attacker to retrieve the location of the web root folder.
The vulnerability CVE-2024-5736 is a Server-Side Request Forgery (SSRF) vulnerability in the afGdStream.php script that allows access to server pages available only from localhost, or to other local files.
The vulnerability CVE-2024-5737 is caused by the afGdStream.php script, which does not specify a Content-Type header value, so the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is then rendered by a webpage as HTML.
These issues affect the AdmirorFrames Joomla! extension in versions before 5.0.
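As an added illustration (not AdmirorFrames code and not the fix shipped in version 5.0), the following hypothetical image-streaming script shows the defensive pattern that addresses all three classes of issue described above: it accepts only local files under a fixed directory, returns a fixed error message instead of PHP warnings, and always declares an image Content-Type. The IMAGE_ROOT path, the "src" parameter and the function names are assumptions made for the example.

```php
<?php
// Added example: hypothetical image-streaming endpoint, not AdmirorFrames code.
// IMAGE_ROOT and the "src" query parameter are assumptions for illustration.
const IMAGE_ROOT = '/var/www/site/images';
const ALLOWED_TYPES = [
    IMAGETYPE_PNG  => 'image/png',
    IMAGETYPE_JPEG => 'image/jpeg',
    IMAGETYPE_GIF  => 'image/gif',
];

function resolveLocalImage(string $requested, string $root): ?string
{
    // PHP file functions accept URL and stream wrappers (http://, php://, file://),
    // so refuse any input that carries a scheme before touching the filesystem.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    $rootReal = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($rootReal === false || $path === false) {
        return null;
    }
    // realpath() has resolved ../ and symlinks; the result must stay under the root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

function streamImage(string $requested): void
{
    $path = resolveLocalImage($requested, IMAGE_ROOT);
    // @ suppresses warnings, which can reveal the absolute path when display_errors is on.
    $info = $path !== null ? @getimagesize($path) : false;
    if ($info === false || !array_key_exists($info[2], ALLOWED_TYPES)) {
        http_response_code(404);
        header('Content-Type: text/plain; charset=utf-8');
        echo 'Not found';
        return;
    }
    // Declare the real type; without this PHP falls back to default_mimetype (text/html).
    header('Content-Type: ' . ALLOWED_TYPES[$info[2]]);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

$src = $_GET['src'] ?? '';
streamImage(is_string($src) ? $src : '');
```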
Credits
We thank Marcin Wyczechowski and Michał Majchrowicz from AFINE Team for the responsible vulnerability report.
More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.