Vulnerability Details : CVE-2018-16606
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
Products affected by CVE-2018-16606
- cpe:2.3:a:proconf:proconf:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16606
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~37% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2018-16606
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-16606
- The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. Assigned by: nvd@nist.gov (Primary)
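As an added illustration of the weakness described above (constructed example, not ProConf's code), a paper lookup keyed only by the client-supplied pid beside one that first checks that the requester is an author of that paper; the sample papers, user ids and function names are assumptions.

```python
"""IDOR on a paper lookup: the record is selected by the pid the client sends,
so the lookup itself must also verify that the caller may see that record.
Sample data and user ids below are constructed for the example."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Author:
    name: str
    email: str
    organization: str
    position: str


@dataclass
class Paper:
    pid: int
    title: str
    abstract: str
    authors: tuple            # personal data the description says is exposed
    author_ids: frozenset = field(default_factory=frozenset)  # accounts allowed to view


# Constructed submissions owned by hypothetical accounts "u1" and "u2".
PAPERS = {
    101: Paper(101, "Paper A", "Abstract A",
               (Author("Alice", "alice@example.org", "Org A", "PhD student"),),
               frozenset({"u1"})),
    102: Paper(102, "Paper B", "Abstract B",
               (Author("Bob", "bob@example.org", "Org B", "Professor"),),
               frozenset({"u2"})),
}


def view_paper_vulnerable(user_id: str, pid: int) -> Paper:
    """Authenticated but not authorized: any logged-in author gets any pid."""
    return PAPERS[pid]


def view_paper_fixed(user_id: str, pid: int) -> Paper:
    """Returns the paper only if the requester is one of its authors."""
    paper = PAPERS.get(pid)
    if paper is None or user_id not in paper.author_ids:
        # One error for both missing and foreign pids, so the response
        # does not reveal which pids exist in the system.
        raise PermissionError("paper not found or not accessible")
    return paper
```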
References for CVE-2018-16606
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
  IDOR On ProConf Peer-Review And Conference Management 6.0 File Disclosure (Packet Storm). Tags: Exploit; Third Party Advisory; VDB Entry
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-management-system/
  IDOR on ProConf Peer-Review and Conference Management System (InfoSec Blog). Tags: Exploit; Third Party Advisory