Vulnerabilities > CVE-2018-16606 - Authorization Bypass Through User-Controlled Key vulnerability in Proconf

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

proconf

CWE-639

NVD

Published: 2018-09-06

Updated: 2020-08-24

Summary

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).

Vulnerable Configurations

Part	Description	Count
Application	Proconf Proconf Proconf 2.3.2 Proconf Proconf 2.5 Proconf Proconf 2.7 Proconf Proconf 3.0 Proconf Proconf 4.0 Proconf Proconf 5.0 Proconf Proconf 5.2 Proconf Proconf 5.6 Proconf Proconf 5.8 Proconf Proconf 6.0	10

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

Packetstorm

data source	https://packetstormsecurity.com/files/download/149259/idorproconf60-disclose.txt
id	PACKETSTORM:149259
last seen	2018-09-07
published	2018-09-06
reporter	S. M. Zia Ur Rashid
source	https://packetstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.html
title	IDOR On ProConf Peer-Review And Conference Management 6.0 File Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References