concrete5 Improper Input Validation Vulnerability - CVE-2017-18195 - Vulnerability Database

concrete5 Improper Input Validation Vulnerability - CVE-2017-18195

Medium

Reference: CVE-2017-18195

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-18195

Title: concrete5 Improper Input Validation Vulnerability

Overview:

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 39cnvID39 integers.