Sectroyer

Name of the Vulnerable Software and Affected Versions: AdmirorFrames versions prior to 5.0 Description: The issue allows an unauthorized attacker to retrieve the location of the web root folder due to a Full Path Disclosure vulnerability in the afHelper.php script of the AdmirorFrames Joomla! extension. Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the afHelper.php script until a patch is available.

Name of the Vulnerable Software and Affected Versions: AdmirorFrames versions prior to 5.0 Description: The issue is related to a Server Side Request Forgery (SSRF) vulnerability in the AdmirorFrames Joomla! extension, specifically in the afGdStream.php script. This vulnerability allows access to local files or server pages that are only available from localhost. Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the afGdStream.php script until a patch is available.

Name of the Vulnerable Software and Affected Versions: AdmirorFrames versions prior to 5.0 Description: The issue affects the AdmirorFrames Joomla! extension, specifically the afGdStream.php script, which fails to specify a content type, resulting in the default text/html type being used. This allows an attacker to embed HTML tags directly in image data, which can be rendered by a webpage as HTML. Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the afGdStream.php script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elFinder versions prior to 2.1.62 **Description** The issue allows path traversal in the PHP LocalVolumeDriver connector due to incomplete validity checking of supplied request parameters. This can be exploited by allowing untrusted users to write to the local file system. **Recommendations** For versions prior to 2.1.62, update to elFinder version 2.1.62 as soon as possible to fix the issue. If you cannot update for some reason, consider stopping the use of the vulnerable connector or prohibit writing to untrusted users.