CVE-2006-5232

iSearch 2.16 - Remote File Inclusion via isearch_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5232. PoCs published by MoHaNdKo.

AI-analyzed exploit summary The provided text describes a retired remote file inclusion vulnerability in iSearch 2.16 and prior, but lacks actual exploit code. The BID is marked as non-vulnerable, indicating no working PoC exists.

Description

Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes

Exploits (1)

exploitdb WRITEUP VERIFIED
by MoHaNdKo · textwebappsphp
https://www.exploit-db.com/exploits/28772

The provided text describes a retired remote file inclusion vulnerability in iSearch 2.16 and prior, but lacks actual exploit code. The BID is marked as non-vulnerable, indicating no working PoC exists.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: iSearch <= 2.16
No auth needed
Prerequisites: PHP remote file inclusion enabled · Allow_url_include=On
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29402
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448225/100/100/threaded
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448099/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448006/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20401

Scores

EPSS 0.0274
EPSS Percentile 84.2%

Details

Status published
Products (1)
isearch/isearch 2.16
Published Oct 11, 2006
Tracked Since Feb 18, 2026