7.5
CVE-2024-5735
- EPSS 1.52%
- Veröffentlicht 28.06.2024 12:15:10
- Zuletzt bearbeitet 21.11.2024 09:48:15
- Quelle cvd@cert.pl
- CVE-Watchlists
- Unerledigt
LoginFull Path Disclosure in AdmirorFrames Joomla! Extension
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Admiror-design-studio ≫ Admirorframes SwPlatformjoomla! Version < 5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.52% | 0.712 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| cvd@cert.pl | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Green
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
https://cert.pl/en/posts/2024/06/CVE-2024-5735/
https://cert.pl/posts/2024/06/CVE-2024-5735/
https://github.com/afine-com/CVE-2024-5735
https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735
https://github.com/vasiljevski/admirorframes/issues/3