Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Remediation
References