CVE-2006-5232: Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path ...

Description

Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes

Metrics

EPSS Probability

2.74%

84.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Isearch	Isearch	2.16

References

Timeline

Published: Oct 11, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5232?

Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes

How severe is CVE-2006-5232?

Severity scoring for CVE-2006-5232 is pending analysis. The EPSS model estimates a 2.74% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5232?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.