Vulnerability Details CVE-2018-16606
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
Products affected by CVE-2018-16606
-
cpe:2.3:a:proconf:proconf:2.3.2
-
cpe:2.3:a:proconf:proconf:2.5
-
cpe:2.3:a:proconf:proconf:2.7
-
cpe:2.3:a:proconf:proconf:3.0
-
cpe:2.3:a:proconf:proconf:4.0
-
cpe:2.3:a:proconf:proconf:5.0
-
cpe:2.3:a:proconf:proconf:5.2
-
cpe:2.3:a:proconf:proconf:5.6
-
cpe:2.3:a:proconf:proconf:5.8
-
cpe:2.3:a:proconf:proconf:6.0