RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or to read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
Software | From | Fixed in |
---|---|---|
risearch / risearch | 1.0.01 | 1.0.01.x |
risearch / risearch_pro | 3.2.6 | 3.2.6.x |
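
A log check for the behaviour described above, as an added example that is not part of the original advisory or of RiSearch's code: it flags show.pl requests whose url parameter carries an http, ftp or file scheme. The Common Log Format, the /cgi-bin/ path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Schemes the advisory names as abusable through show.pl's url parameter.
FLAGGED_SCHEMES = {"http": "open-proxy", "ftp": "open-proxy", "file": "local-file-read"}

# Request line of a Common Log Format entry (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"\s*([A-Za-z][A-Za-z0-9+.-]*):")

def classify_request(target):
    """Return (category, url value) for a flagged show.pl request, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/show.pl"):
        return None
    # parse_qs percent-decodes values, so url=file%3A%2F%2F... is caught too.
    for value in parse_qs(parts.query).get("url", []):
        m = SCHEME_RE.match(value)
        if m and m.group(1).lower() in FLAGGED_SCHEMES:
            return FLAGGED_SCHEMES[m.group(1).lower()], value
    return None

def scan(lines):
    """Return (client, category, url value) for every flagged log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        hit = classify_request(m.group(1)) if m else None
        if hit:
            findings.append((line.split(" ", 1)[0],) + hit)
    return findings

# Constructed sample log lines (documentation addresses and example hosts).
TS = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /cgi-bin/search.pl?q=test HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/show.pl?url=http://other-host.example/page HTTP/1.1" 200 2048',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/show.pl?url=file%3A%2F%2F%2Fpath%2Fto%2Flocal%2Ffile HTTP/1.1" 200 900',
    f'203.0.113.5 - - {TS} "GET /cgi-bin/show.pl?url=FTP://ftp.example/pub/readme HTTP/1.1" 200 100',
    f'192.0.2.10 - - {TS} "GET /cgi-bin/show.pl?url=docs/index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, category, value in scan(SAMPLE_LOG):
        print(f"{client}\t{category}\t{value}")
```

Each match is a candidate for review rather than proof of abuse; the category only reflects which scheme the advisory associates with proxying or local file reads.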