Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2384 Vulnerability (CVE-2013-2384)
MySQL CVE-2016-8318 Vulnerability (CVE-2016-8318)
MongoDb Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-20924)
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12)
Oracle Database Server CVE-2008-2592 Vulnerability (CVE-2008-2592)