Description
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
References
- Mailing List
- Broken Link, Vendor Advisory
- Broken Link, Third Party Advisory, VDB Entry
- Broken Link
- Broken Link
- Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:risearch:risearch:1.0.01:*:*:*:*:*:*:*
cpe:2.3:a:risearch:risearch_pro:3.2.6:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.15542 (Medium)
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.