Insecure Direct Object Reference (IDOR) vulnerability in ProConf before 6.1 allows unauthorized access to submitted papers and personal information.

CVE-2018-16606 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
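The missing control described above is an object-level authorization check on the paper lookup. The following is an added example, not ProConf's code: the Paper model, the function names and the sample records are hypothetical and constructed for illustration. It shows the lookup that trusts pid next to one that verifies ownership, plus a regression check that lists what a given account can reach.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Caller is not allowed to see the requested paper."""

@dataclass(frozen=True)
class Paper:
    pid: int
    title: str
    authors: frozenset  # accounts that submitted this paper

# Constructed sample data (not from ProConf).
PAPERS = {
    101: Paper(101, "Paper A", frozenset({"alice@example.org"})),
    102: Paper(102, "Paper B", frozenset({"bob@example.org"})),
}

def get_paper_vulnerable(user, pid):
    # IDOR pattern: authentication only, no check that the paper is the caller's.
    if user is None:
        raise Forbidden("login required")
    return PAPERS[int(pid)]

def get_paper_checked(user, pid):
    # Object-level authorization: the record must belong to the caller.
    if user is None:
        raise Forbidden("login required")
    try:
        paper = PAPERS.get(int(pid))
    except (TypeError, ValueError):
        paper = None
    # One error for "missing" and "not yours", so responses do not reveal valid pids.
    if paper is None or user not in paper.authors:
        raise Forbidden("paper not available")
    return paper

def reachable_pids(lookup, user):
    # Regression check: which stored papers can this user read through `lookup`?
    found = []
    for pid in sorted(PAPERS):
        try:
            found.append(lookup(user, str(pid)).pid)
        except Forbidden:
            pass
    return found
```

A check like reachable_pids, run in a test suite with two separate author accounts, catches a regression of this class before release.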
