Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Remediation
References
Related Vulnerabilities
WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.6.95)
WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)
Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)
WordPress Plugin Contact Form 7 International Sms Integration Cross-Site Scripting (1.2)