QwikSec

Security Database

CVE

CWE

Training

CVE-2017-18195

Published: Feb 26, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nse

x_refsource_MISC

https://github.com/concrete5/concrete5/pull/6008/files

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

https://github.com/concrete5/concrete5/releases/tag/8.3.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.