Admirorframes

admirorframes

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5737 1Admiror Design Studio 1Admirorframes Nov 21, 2024 Jun 28, 2024 6.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage a...Show more Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0.Show less
CVE-2024-5736 1Admiror Design Studio 1Admirorframes Nov 21, 2024 Jun 28, 2024 8.2 HIGH· v4 7.5 HIGH· v3 N/A· v2 Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: b...Show more Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.Show less
CVE-2024-5735 1Admiror Design Studio 1Admirorframes Nov 21, 2024 Jun 28, 2024 6.3 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.