Vulnerability Details CVE-2018-16606
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
Products affected by CVE-2018-16606
-
cpe:2.3:a:proconf:proconf:2.3.2
-
cpe:2.3:a:proconf:proconf:2.5
-
cpe:2.3:a:proconf:proconf:2.7
-
cpe:2.3:a:proconf:proconf:3.0
-
cpe:2.3:a:proconf:proconf:4.0
-
cpe:2.3:a:proconf:proconf:5.0
-
cpe:2.3:a:proconf:proconf:5.2
-
cpe:2.3:a:proconf:proconf:5.6
-
cpe:2.3:a:proconf:proconf:5.8
-
cpe:2.3:a:proconf:proconf:6.0