CVE-2018-16606

MEDIUM

ProConf < 6.1 - IDOR

Title source: rule

Description

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).

Exploits (1)

exploitdb WRITEUP
by ub3rsick · text · webapps · multiple
https://www.exploit-db.com/exploits/52236

Scores

CVSS v3 6.5
EPSS 0.0318
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-639
Status published
Products (1)
proconf/proconf < 6.1
Published Sep 06, 2018
Tracked Since Feb 18, 2026