Vulnerability CVE-2018-16606
Published: 2018-09-06
Description:
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
See advisories in our WLB2 database:
Med. (Author: S. M. Zia Ur Ras..., Date: 07.09.2018)
Type: CWE-200 (Information Exposure)
CVSS2: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None
References:
https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
Copyright 2024, cxsecurity.com