CVE-2017-18195
MEDIUM
Concrete CMS < 8.3.0 - Unauthenticated Comment Enumeration via cnvID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-18195. PoCs published by Chapman Schleiss.
AI-analyzed exploit summary: This script exploits an IDOR vulnerability in Concrete5 CMS versions prior to 8.3, allowing unauthorized enumeration of comments by manipulating the 'cnvID' parameter. It uses multi-threading to efficiently scan a range of conversation IDs and extracts usernames and messages from the responses.
Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
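For detection, the enumeration described above shows up in web server logs as a burst of POSTs to the one endpoint from a single client. The following is an added example, not code from this page or from the published PoC; it assumes combined-format access logs in time order, and the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Endpoint named in the CVE description. cnvID travels in the POST body,
# so a standard access log shows only the request line, not the ID.
ENDPOINT = "/index.php/tools/required/conversations/view_ajax"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumerators(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {ip: peak} for clients whose POST count to ENDPOINT inside
    a sliding window reaches threshold (both values are assumptions)."""
    recent = defaultdict(deque)   # per-client timestamps still in window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # malformed line or not a POST
        if m["path"].split("?", 1)[0].rstrip("/") != ENDPOINT:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one client sends 30 POSTs in 30 s, another
    loads comments twice, as ordinary page views would."""
    fmt = ('{ip} - - [10/Mar/2018:12:00:{s:02d} +0000] '
           '"{m} {p} HTTP/1.1" 200 512 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", s=s, m="POST", p=ENDPOINT)
             for s in range(30)]
    lines += [fmt.format(ip="198.51.100.4", s=s, m="POST", p=ENDPOINT)
              for s in (5, 40)]
    lines.append(fmt.format(ip="198.51.100.4", s=41, m="GET", p="/blog/post-1"))
    return lines

if __name__ == "__main__":
    for ip, peak in find_enumerators(sample_log()).items():
        print(f"{ip}: {peak} POSTs to {ENDPOINT} within 60 s")
```

A legitimate page view loads one conversation at a time, so the threshold should sit well above the per-visitor rate seen on the site being monitored.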
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N