CVE-2024-5736
Published: 28 June 2024
Summary
CVE-2024-5736 is a high-severity SSRF (CWE-918) vulnerability in Admiror-Design-Studio Admirorframes. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Service Discovery (T1007); ranked in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The vulnerability is a Server Side Request Forgery (SSRF) flaw, tracked as CVE-2024-5736 and assigned CWE-918, that resides in the afGdStream.php script of the AdmirorFrames Joomla! extension. It affects all versions prior to 5.0 and permits an attacker to reach local files or pages that are normally restricted to localhost access.
An unauthenticated remote attacker can supply crafted requests to the vulnerable script, bypassing network controls to retrieve sensitive local resources or internal server content without requiring user interaction or elevated privileges. The CVSS 4.0 score of 8.2 reflects the high confidentiality impact combined with the attack complexity and network reachability.
Public references, including CERT.pl advisories and GitHub repositories maintained by afine-com and sectroyer, document the issue and point to the 5.0 release as the corrective version; administrators should upgrade the extension and restrict access to the affected script where possible. The associated EPSS score has remained flat at 0.2882 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46897
- 🇵🇱 CERT-PL: cert.pl
- 🇵🇱 CERT-PL: cert.pl
Vulnerability details
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing Joomla extension enables exploitation (T1190), local file access for file discovery (T1083), and localhost service probing for system service discovery (T1007).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.