CVE-2018-16606

MEDIUM

ProConf < 6.1 - Unauthenticated Insecure Direct Object Reference via Paper ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16606. PoCs published by ub3rsick.

AI-analyzed exploit summary: This exploit describes an Insecure Direct Object Reference (IDOR) vulnerability in ProConf 6.0, allowing unauthorized access to paper details and author information by manipulating the 'pid' parameter. It provides a step-by-step proof-of-concept but lacks executable code.

Description

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).

Exploits (1)

exploitdb WRITEUP
by ub3rsick · text · webapps · multiple
https://www.exploit-db.com/exploits/52236

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ProConf <= 6.0
Auth required
Prerequisites: Valid author credentials · Access to the conference submission system
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0745
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-639
Status: published
Products (1): proconf/proconf < 6.1
Published: Sep 06, 2018
Tracked Since: Feb 18, 2026