Vulnerability Description
The script afGdStream.php in the AdmirorFrames Joomla! extension does not specify a content type, so the default (text/html) is used. An attacker may embed HTML tags directly in image data, which is then rendered by a webpage as HTML. This issue affects AdmirorFrames versions before 5.0.
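The hardened pattern for an image-streaming script of this kind, as an added example that is not AdmirorFrames code or the project's actual fix: the response type is derived from the bytes themselves, restricted to an allowlist, and sent explicitly together with nosniff. The function names and the allowlist are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not code from the extension.
// MIME types this endpoint is willing to serve (assumption for the example).
const ALLOWED_IMAGE_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

/**
 * Return the headers to send for $bytes, or null when the data is not
 * one of the allowed image types.
 */
function imageResponseHeaders(string $bytes): ?array
{
    // Detect the type from the content, never from a client-supplied name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->buffer($bytes);
    if ($mime === false || !in_array($mime, ALLOWED_IMAGE_TYPES, true)) {
        return null;
    }
    return [
        // Explicit type: without this header PHP falls back to its
        // default_mimetype setting, which is text/html.
        'Content-Type' => $mime,
        // Tell the browser not to sniff the body and override the type.
        'X-Content-Type-Options' => 'nosniff',
    ];
}

function streamImage(string $bytes): void
{
    $headers = imageResponseHeaders($bytes);
    if ($headers === null) {
        // Refuse anything that is not an allowed image, as plain text.
        http_response_code(415);
        header('Content-Type: text/plain; charset=utf-8');
        echo 'Unsupported media type';
        return;
    }
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    echo $bytes;
}
```

With an image/* content type declared, markup embedded in the image data is handed to the image decoder rather than the HTML parser.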
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Admiror-Design-Studio | Admirorframes | < 5.0 |
Related Weaknesses (CWE)
References
- https://cert.pl/en/posts/2024/06/CVE-2024-5735/ (Third Party Advisory)
- https://cert.pl/posts/2024/06/CVE-2024-5735/ (Third Party Advisory)
- https://github.com/afine-com/CVE-2024-5737 (Exploit, Third Party Advisory)
- https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737 (Exploit, Third Party Advisory)
- https://github.com/vasiljevski/admirorframes/issues/3 (Issue Tracking)
FAQ
What is CVE-2024-5737?
CVE-2024-5737 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is ren...
How severe is CVE-2024-5737?
CVE-2024-5737 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-5737?
Check the references section above for vendor advisories and patch information. Affected products include: Admiror-Design-Studio Admirorframes.