CVE-2006-5048
published 2006-09-27CVE-2006-5048: Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to…
PriorityP344medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
9.75%
94.9th percentile
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| waltercedric | com_securityimages | <= 3.0.5 | — |
| waltercedric | com_securityimages | — | — |
| waltercedric | com_securityimages | — | — |
| waltercedric | com_securityimages | — | — |
| waltercedric | com_securityimages | — | — |
| waltercedric | com_securityimages | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Security Images server.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
vuldb·2026-04-23·CVSS 6.8
CVE-2006-5048 [MEDIUM] Security Images server.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
A vulnerability identified as critical has been detected in Security Images. Affected by this issue is some unknown functionality of the file server.php. This manipulation of the argument mosConfig_absolute_path causes code injection.
This vulnerability is registered as CVE-2006-5048. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
You should upgrade the affected component.
VulDB
Security Images lang.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
vuldb·2026-04-23·CVSS 6.8
CVE-2006-5048 [MEDIUM] Security Images lang.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
A vulnerability was found in Security Images. It has been rated as critical. Affected is an unknown function of the file lang.php. The manipulation of the argument mosConfig_absolute_path leads to code injection.
This vulnerability is listed as CVE-2006-5048. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is advised.
VulDB
Security Images client.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
vuldb·2026-04-23·CVSS 6.8
CVE-2006-5048 [MEDIUM] Security Images client.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
A vulnerability categorized as critical has been discovered in Security Images. Affected by this vulnerability is an unknown functionality of the file client.php. The manipulation of the argument mosConfig_absolute_path results in code injection.
This vulnerability is cataloged as CVE-2006-5048. The attack may be launched remotely. Furthermore, there is an exploit available.
It is advisable to upgrade the affected component.
VulDB
Waltercedric Com Securityimages up to 3.0.5 configinsert.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
vuldb·2026-04-23·CVSS 6.8
CVE-2006-5048 [MEDIUM] Waltercedric Com Securityimages up to 3.0.5 configinsert.php mosConfig_absolute_path code injection (EDB-2083 / Nessus ID 22049)
A vulnerability classified as critical was found in Waltercedric Com Securityimages up to 3.0.5. This vulnerability affects unknown code of the file configinsert.php. The manipulation of the argument mosConfig_absolute_path results in code injection.
This vulnerability was named CVE-2006-5048. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-h4ph-6x2m-2wv3: Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3
ghsa_unreviewed·2022-05-01
CVE-2006-5048 [MEDIUM] CWE-94 GHSA-h4ph-6x2m-2wv3: Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
No detection rules found.
No writeups or analysis indexed.
http://forum.joomla.org/index.php/topic%2C79477.0.htmlhttp://forum.joomla.org/index.php/topic%2C81589.0.htmlhttp://secunia.com/advisories/21260http://www.osvdb.org/27655http://www.osvdb.org/27656http://www.osvdb.org/27657http://www.osvdb.org/27658http://www.securityfocus.com/bid/19217http://www.vupen.com/english/advisories/2006/3062https://exchange.xforce.ibmcloud.com/vulnerabilities/28078https://www.exploit-db.com/exploits/2083http://forum.joomla.org/index.php/topic%2C79477.0.htmlhttp://forum.joomla.org/index.php/topic%2C81589.0.htmlhttp://secunia.com/advisories/21260http://www.osvdb.org/27655http://www.osvdb.org/27656http://www.osvdb.org/27657http://www.osvdb.org/27658http://www.securityfocus.com/bid/19217http://www.vupen.com/english/advisories/2006/3062https://exchange.xforce.ibmcloud.com/vulnerabilities/28078https://www.exploit-db.com/exploits/2083
2006-09-27
Published