CVE-2024-5736 – SSRF in AdmirorFrames Joomla! Extension
https://notcve.org/view.php?id=CVE-2024-5736
Server Side Request Forgery (SSRF) vulnerability in the afGdStream.php script of the AdmirorFrames Joomla! extension allows access to local files or to server pages available only from localhost. This issue affects AdmirorFrames before 5.0. • https://github.com/afine-com/CVE-2024-5736 https://cert.pl/en/posts/2024/06/CVE-2024-5735 https://cert.pl/posts/2024/06/CVE-2024-5735 https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5736 https://github.com/vasiljevski/admirorframes/issues/3 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-5735 – Full Path Disclosure in AdmirorFrames Joomla! Extension
https://notcve.org/view.php?id=CVE-2024-5735
Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension allows an unauthorised attacker to retrieve the location of the web root folder. This issue affects AdmirorFrames before 5.0. • https://github.com/afine-com/CVE-2024-5735 https://cert.pl/en/posts/2024/06/CVE-2024-5735 https://cert.pl/posts/2024/06/CVE-2024-5735 https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735 https://github.com/vasiljevski/admirorframes/issues/3 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2023-38045 – Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0
https://notcve.org/view.php?id=CVE-2023-38045
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements. • https://extensions.joomla.org/extension/admiror-gallery • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')