CVE-2006-5048

Published Sep 27, 2006

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFF00748-6CAF-4E9D-A92B-37E77C96636A",
            "versionEndIncluding": "3.0.5"
          },
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1573A25-751D-4C84-9275-4F7F75E91BEC"
          },
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9D4B123-6270-44CA-B4B7-9FBEF145E4C5"
          },
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:3.00:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4129EE47-1BA1-4C49-B2F9-0B6522FE2DC9"
          },
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F008CF10-A23A-4B56-8773-5627DB4ACE0C"
          },
          {
            "criteria": "cpe:2.3:a:waltercedric:com_securityimages:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D0F908C-6B8F-411E-9A0E-1F73F4B7C436"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References