Vulnerabilities > CVE-2017-18195 - Unspecified vulnerability in Concretecms Concrete CMS

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

concretecms

exploit available

NVD

Published: 2018-02-26

Updated: 2021-11-01

Summary

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.

Vulnerable Configurations

Part	Description	Count
Application	Concretecms Concretecms Concrete CMS 5.4.1.1 Concretecms Concrete CMS 5.4.2 Concretecms Concrete CMS 5.4.2.1 Concretecms Concrete CMS 5.4.2.2 Concretecms Concrete CMS 5.6.1 Concretecms Concrete CMS 5.6.1.1 Concretecms Concrete CMS 5.6.1.2 Concretecms Concrete CMS 5.6.2 Concretecms Concrete CMS 5.6.2.1 Concretecms Concrete CMS 5.6.3 Concretecms Concrete CMS 5.6.3.1 Concretecms Concrete CMS 5.6.3.3 Concretecms Concrete CMS 5.6.3.4 Concretecms Concrete CMS 5.6.3.5 Concretecms Concrete CMS 5.6.4.0 Concretecms Concrete CMS 5.7.0 Concretecms Concrete CMS 5.7.0.1 Concretecms Concrete CMS 5.7.0.3 Concretecms Concrete CMS 5.7.0.4 Concretecms Concrete CMS 5.7.1 Concretecms Concrete CMS 5.7.2 Concretecms Concrete CMS 5.7.2.1 Concretecms Concrete CMS 5.7.3 Concretecms Concrete CMS 5.7.3.1 Concretecms Concrete CMS 5.7.4 Concretecms Concrete CMS 5.7.4.1 Concretecms Concrete CMS 5.7.4.2 Concretecms Concrete CMS 5.7.5 Concretecms Concrete CMS 5.7.5.1 Concretecms Concrete CMS 5.7.5.2 Concretecms Concrete CMS 5.7.5.3 Concretecms Concrete CMS 5.7.5.4 Concretecms Concrete CMS 5.7.5.5 Concretecms Concrete CMS 5.7.5.6 Concretecms Concrete CMS 5.7.5.7 Concretecms Concrete CMS 5.7.5.8 Concretecms Concrete CMS 5.7.5.9 Concretecms Concrete CMS 5.7.5.10 Concretecms Concrete CMS 5.7.5.11 Concretecms Concrete CMS 5.7.5.12 Concretecms Concrete CMS 5.7.5.13 Concretecms Concrete CMS 5.8.1.0 Concretecms Concrete CMS 5.8.2.0 Concretecms Concrete CMS 8.0 Concretecms Concrete CMS 8.0.1 Concretecms Concrete CMS 8.0.2 Concretecms Concrete CMS 8.0.3 Concretecms Concrete CMS 8.1.0 Concretecms Concrete CMS 8.2.0 Concretecms Concrete CMS 8.2.1	51

Exploit-Db

description	Concrete5 < 8.3.0 - Username / Comments Enumeration. CVE-2017-18195. Webapps exploit for PHP platform
file	exploits/php/webapps/44194.py
id	EDB-ID:44194
last seen	2018-02-27
modified	2018-02-27
platform	php
port
published	2018-02-27
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44194/
title	Concrete5 < 8.3.0 - Username / Comments Enumeration
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/146598/concrete5-enumerate.txt
id	PACKETSTORM:146598
last seen	2018-03-01
published	2018-02-27
reporter	Chapman Schleiss
source	https://packetstormsecurity.com/files/146598/Concrete5-Username-Comments-Enumeration.html
title	Concrete5 Username / Comments Enumeration

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References