PT-2004-2957 · Isearch · Isearch+1
Published 2004-07-27 · Updated 2024-02-08 · CVE-2004-2061
CVSS v2.0 7.5 High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
RiSearch version 1.0.01
RiSearch Pro version 3.2.06
Description
The issue allows remote attackers to use the show.pl script as an open proxy or read arbitrary local files by setting the url parameter to an http://, ftp://, or file:// URL.
Recommendations
For RiSearch version 1.0.01, restrict access to the show.pl script to minimize the risk of exploitation.
For RiSearch Pro version 3.2.06, avoid using the url parameter in the show.pl script until the issue is resolved.
As a temporary workaround, consider disabling the show.pl script until a patch is available.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Isearch
Risearch Pro
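
A defender's check for the behaviour in the Description, as an added example that is not part of the original advisory or of RiSearch: it scans web access logs for show.pl requests whose url parameter carries an http://, ftp:// or file:// URL. The Combined Log Format, script path, hosts and addresses in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Schemes the advisory names as accepted by show.pl's url parameter.
RISKY_SCHEMES = {"http", "ftp", "file"}

# Combined Log Format (assumed): client, ident, user, [time], "request", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
SCHEME_RE = re.compile(r'\s*([a-z][a-z0-9+.-]*)://', re.IGNORECASE)

def flag_show_pl_requests(log_lines):
    """Return (client, scheme, status) for each show.pl request whose
    url= value is an absolute http://, ftp:// or file:// URL."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/show.pl"):
            continue
        # parse_qs percent-decodes, so url=file%3A%2F%2F... is caught too.
        for value in parse_qs(parts.query).get("url", []):
            s = SCHEME_RE.match(value)
            if s and s.group(1).lower() in RISKY_SCHEMES:
                findings.append((client, s.group(1).lower(), status))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jul/2004:10:00:01 +0000] "GET /cgi-bin/search/'
    'show.pl?url=file%3A%2F%2F%2Fpath%2Fto%2Flocal%2Ffile HTTP/1.0" 200 512',
    '198.51.100.9 - - [27/Jul/2004:10:00:05 +0000] "GET /cgi-bin/search/'
    'show.pl?url=http://internal.example/status HTTP/1.0" 200 2048',
    '198.51.100.9 - - [27/Jul/2004:10:00:09 +0000] "GET /cgi-bin/search/'
    'show.pl?url=FTP://files.example/pub/ HTTP/1.0" 200 300',
    # Relative document path: not an absolute URL, so it is not flagged.
    '192.0.2.44 - - [27/Jul/2004:10:01:00 +0000] "GET /cgi-bin/search/'
    'show.pl?url=docs/page.html HTTP/1.0" 200 4096',
    # Different script: out of scope for this advisory.
    '192.0.2.44 - - [27/Jul/2004:10:01:02 +0000] "GET /index.html'
    '?url=http://example.org/ HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, scheme, status in flag_show_pl_requests(SAMPLE_LOG):
        print(f"{client} requested show.pl with a {scheme}:// url (HTTP {status})")
```

A 200 status on a flagged request means the script answered; whether it returned the referenced content has to be confirmed from response sizes or application logs.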