Cyber Resilience

CVE-2024-5736

HighPublic PoC

Published: 28 June 2024

Published
28 June 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v4 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Green
EPSS Score 0.2882 96.7th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5736 is a high-severity SSRF (CWE-918) vulnerability in Admiror-Design-Studio Admirorframes. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Service Discovery (T1007); ranked in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability is a Server Side Request Forgery (SSRF) flaw, tracked as CVE-2024-5736 and assigned CWE-918, that resides in the afGdStream.php script of the AdmirorFrames Joomla! extension. It affects all versions prior to 5.0 and permits an attacker to reach local files or pages that are normally restricted to localhost access.

An unauthenticated remote attacker can supply crafted requests to the vulnerable script, bypassing network controls to retrieve sensitive local resources or internal server content without requiring user interaction or elevated privileges. The CVSS 4.0 score of 8.2 reflects the high confidentiality impact combined with the attack complexity and network reachability.

Public references, including CERT.pl advisories and GitHub repositories maintained by afine-com and sectroyer, document the issue and point to the 5.0 release as the corrective version; administrators should upgrade the extension and restrict access to the affected script where possible. The associated EPSS score has remained flat at 0.2882 since disclosure, indicating no material increase in observed exploitation interest.

EU & UK References

Vulnerability details

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1007 System Service Discovery Discovery
Adversaries may try to gather information about registered local system services.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF in public-facing Joomla extension enables exploitation (T1190), local file access for file discovery (T1083), and localhost service probing for system service discovery (T1007).

Affected Assets

admiror-design-studio
admirorframes
≤ 5.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.

References