CVE-2018-16606

CVSSv4: NA | CVSSv3: 6.5 | CVSSv2: 4 | VMScore: 750 | EPSS: 0.00084 | KEV: Not Included
Published: 06/09/2018 Updated: 21/11/2024

Vulnerability Summary

In ProConf prior to 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).

Vulnerable Product

proconf proconf

Exploits

IDOR on ProConf Peer-Review and Conference Management versions 60 and below suffer from an insecure direct object reference vulnerability that allows for file disclosure ...