VYPR

AdmirorFrames

by AdmirorFrames

CVEs (3)

  • CVE-2024-5736HigJun 28, 2024
    risk 0.49cvss 7.5epss 0.01

    Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

  • CVE-2024-5735HigJun 28, 2024
    risk 0.49cvss 7.5epss 0.02

    Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.

  • CVE-2024-5737MedJun 28, 2024
    risk 0.40cvss 6.1epss 0.01

    Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.