CVE-2006-7017

Name of the Vulnerable Software and Affected Versions Indexu version 5.0.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the admin template path parameter to various admin scripts. This affects multiple scripts, including but not limited to, app change email.php, app change pwd.php, app mod rewrite.php, and others. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Indexu version 5.0.1, consider disabling the admin template path parameter in the affected admin scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the admin template path parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.