RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-05-10T04:00:00
Updated: 2024-08-08T01:15:01.359Z
Reserved: 2005-05-04T00:00:00
Link: CVE-2004-2061
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2004-07-27T04:00:00.000
Modified: 2024-02-08T19:56:07.017
Link: CVE-2004-2061
Redhat
No data.