RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote malicious users to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) , (2) ftp://, or (3) file:// URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
risearch risearch 1.0.01 |
||
risearch risearch pro 3.2.6 |