PT-2006-5967 · Isearch · Isearch

Published: 2006-10-11 · Updated: 2024-08-07 · CVE-2006-5232

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

iSearch version 2.16

Description

The issue concerns remote file inclusion vulnerabilities that could allow remote attackers to execute arbitrary PHP code by providing a URL in the isearch_path parameter to various PHP files, including 'index.php', 'viewcache.php', 'sitemap.php', 'isearch.inc.php', 'google_sitemap.php', 'stats.php', and 'auto_spider_img.php'. However, the validity of this issue has been disputed, with evidence suggesting that $isearch_path is set to a constant value, thus potentially mitigating the vulnerability.

Recommendations

For iSearch version 2.16, consider restricting access to the isearch_path parameter in the affected PHP files until a conclusive resolution is determined. As a temporary workaround, review the code to confirm that $isearch_path is indeed set to a constant value, which prevents potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
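
One way to carry out the code review described in the recommendation, as an added example (not code from iSearch or from this advisory): a heuristic Python triage that reports, for each include/require that uses $isearch_path, what the last assignment before it looks like. The function name `audit`, the verdict labels and the PHP samples are constructed for illustration; the regexes do not parse PHP and do not skip comments, so the output is a pointer for manual review.

```python
import re

VAR = "isearch_path"  # variable named in the advisory
LIT = r"""(?:'[^'$]*'|"[^"$]*")"""  # PHP string literal with no interpolation

# include/require statements whose argument mentions $isearch_path
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$%s\b[^;]*;" % VAR, re.I)
# assignments to $isearch_path (group 1 = right-hand side)
ASSIGN_RE = re.compile(r"\$%s\s*=(?!=)\s*([^;]+);" % VAR)
# request-controlled sources that must never reach an include path
TAINT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b|\$HTTP_\w+_VARS\b")
# right-hand sides accepted as constant
CONST_RE = re.compile(
    r"(?:%s|dirname\(\s*__FILE__\s*\)|__DIR__)(?:\s*\.\s*%s)*" % (LIT, LIT))


def audit(src):
    """Return (line, verdict) for every include that uses $isearch_path."""
    findings = []
    for inc in INCLUDE_RE.finditer(src):
        prior = [a for a in ASSIGN_RE.finditer(src) if a.end() <= inc.start()]
        if not prior:
            # Nothing in this file sets it: the value comes from an including
            # file, or from the request when register_globals is enabled.
            verdict = "unset"
        else:
            rhs = prior[-1].group(1).strip()
            if TAINT_RE.search(rhs):
                verdict = "tainted"
            elif CONST_RE.fullmatch(rhs):
                verdict = "constant"
            else:
                verdict = "dynamic"
        findings.append((src.count("\n", 0, inc.start()) + 1, verdict))
    return findings


# Constructed samples, not taken from iSearch's source.
SAMPLE_CONSTANT = '<?php\n$isearch_path = dirname(__FILE__);\nrequire_once "$isearch_path/inc/core.inc.php";\n'
SAMPLE_UNSET = '<?php\ninclude($isearch_path . "/inc/header.php");\n'
SAMPLE_TAINTED = "<?php\n$isearch_path = $_GET['isearch_path'];\ninclude $isearch_path . '/lang.php';\n"

if __name__ == "__main__":
    for name in ("SAMPLE_CONSTANT", "SAMPLE_UNSET", "SAMPLE_TAINTED"):
        print(name, audit(globals()[name]))
```

Only a "constant" verdict on every include in each of the listed files supports the disputing claim; "unset", "tainted" and "dynamic" each need a manual look at where the value originates.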

Related Identifiers

CVE-2006-5232

Affected Products

Isearch