CVE-2018-16606

Опубликовано: 06 сент. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).

Ссылки

https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proconf:proconf:*:*:*:*:*:*:*:*

Версия до 6.1 (исключая)

EPSS

Процентиль: 87%

0.03343

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-82m2-m9pg-5cpp