CVE-2004-2061
CVSS 9.8 · CRITICAL
Summary
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or to read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Risearch risearch
- Risearch risearch pro
References
- http://marc.info/?l=bugtraq&m=109095196526490&w=2
- http://secunia.com/advisories/12173
- http://securitytracker.com/id?1010788
- http://www.osvdb.org/8265
- http://www.osvdb.org/8266
- http://www.securityfocus.com/bid/10812
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16817
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.