RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or to read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Risearch | Risearch_software | 0.99.1 | 0.99.1 |
Risearch | Risearch_software | 0.99.2 | 0.99.2 |
Risearch | Risearch_software | 0.99.3 | 0.99.3 |
Risearch | Risearch_software | 0.99.4 | 0.99.4 |
Risearch | Risearch_software | 0.99.5 | 0.99.5 |
Risearch | Risearch_software | 0.99.6 | 0.99.6 |
Risearch | Risearch_software | 0.99.7 | 0.99.7 |
Risearch | Risearch_software | 0.99.8 | 0.99.8 |
Risearch_pro | Risearch_software | 3.2.6 | 3.2.6 |
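
To check whether a server running show.pl has received requests of the kind described above, its access logs can be searched for a url parameter carrying one of the three schemes. The following Python is an added example, not code from RiSearch or from the advisory; it assumes Common Log Format, and the sample log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Schemes the advisory names as accepted by show.pl's url parameter.
SCHEMES = ("http://", "ftp://", "file://")
# Request line inside a Common/Combined Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(target):
    """Return the decoded url values that carry a listed scheme when the
    request target addresses show.pl; otherwise return an empty list."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/show.pl"):
        return []
    # parse_qs percent-decodes, so file%3A%2F%2F is seen as file://
    values = parse_qs(parts.query, keep_blank_values=True).get("url", [])
    return [v for v in values if v.strip().lower().startswith(SCHEMES)]

def scan(lines):
    """Return (client_ip, offending_value) pairs for flagged log lines."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        for value in flag_request(m.group(1)):
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2004:10:01:02 +0000] '
    '"GET /cgi-bin/search/show.pl?url=file%3A%2F%2F%2Fetc%2Fhosts HTTP/1.0" 200 512',
    '198.51.100.9 - - [12/Mar/2004:10:01:09 +0000] '
    '"GET /cgi-bin/search/show.pl?url=HTTP://internal.example/ HTTP/1.0" 200 2048',
    '203.0.113.20 - - [12/Mar/2004:10:02:00 +0000] '
    '"GET /cgi-bin/search/show.pl?url=/docs/manual.html HTTP/1.0" 200 4096',
    '203.0.113.20 - - [12/Mar/2004:10:02:05 +0000] '
    '"GET /index.html?url=ftp://example.org/ HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(f"{ip} requested show.pl with url={value}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers only values passed in the query string.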