Vulnerability Description
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proconf | Proconf | < 6.1 |
Related Weaknesses (CWE)
References
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-managemenExploitThird Party Advisory
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-ConExploitThird Party AdvisoryVDB Entry
- https://blog.ziaurrashid.com/idor-on-proconf-peer-reviewand-conference-managemenExploitThird Party Advisory
- https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-ConExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-16606?
CVE-2018-16606 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Org...
How severe is CVE-2018-16606?
CVE-2018-16606 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16606?
Check the references section above for vendor advisories and patch information. Affected products include: Proconf Proconf.