CVE-2004-2061

CRITICAL

RiSearch and RiSearch Pro - Server-Side Request Forgery via show.pl URL Parameter

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-2061. PoCs published by Phil Robinson.

AI-analyzed exploit summary The exploit demonstrates an open proxy vulnerability in RiSearch and RiSearch Pro due to insufficient sanitization of user-supplied URI parameters. Attackers can leverage this to proxy requests to internal or external services, potentially leading to SSRF attacks.

Description

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Phil Robinson · textremotecgi
https://www.exploit-db.com/exploits/24326

The exploit demonstrates an open proxy vulnerability in RiSearch and RiSearch Pro due to insufficient sanitization of user-supplied URI parameters. Attackers can leverage this to proxy requests to internal or external services, potentially leading to SSRF attacks.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: RiSearch and RiSearch Pro
No auth needed
Prerequisites: Access to the vulnerable CGI script
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Phil Robinson · textremotecgi
https://www.exploit-db.com/exploits/24327

The exploit describes an open proxy vulnerability in RiSearch and RiSearch Pro due to insufficient sanitization of URI parameters, allowing an attacker to access local files or launch attacks against other services. The provided example demonstrates a path traversal to read '/etc/passwd'.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: RiSearch and RiSearch Pro
No auth needed
Prerequisites: Access to the vulnerable CGI script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/8266
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10812
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109095196526490&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010788
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12173
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/8265
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16817

Scores

CVSS v3 9.8
EPSS 0.1554
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-918
Status published
Products (2)
risearch/risearch 1.0.01
risearch/risearch_pro 3.2.6
Published Jul 27, 2004
Tracked Since Feb 18, 2026