Security Advisory

CVE-2017-18195

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2018-02-26 17:00:00
Last updated: 2024-08-05 21:13:49
Assigner: mitre
State: PUBLISHED

Description

An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental cnvID integers.
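
A log-review check for the enumeration pattern described above, as an added example that is not part of the advisory or of Concrete5. It flags any client that POSTs many different cnvID values to the affected endpoint within a short window. The log line format, the thresholds and the sample lines are assumptions constructed for illustration; a standard access log does not record POST body fields, so the format assumes an audit log that does.

```python
import re
from collections import defaultdict

# Endpoint named in the advisory.
VULN_PATH = "/index.php/tools/required/conversations/view_ajax"

# Assumed (hypothetical) audit-log format that records the POST body field:
#   <epoch_seconds> <client_ip> <method> <path> cnvID=<int>
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) cnvID=(\d+)$")

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = (
    # One reader reloading a single conversation.
    [f"{t} 203.0.113.20 POST {VULN_PATH} cnvID=12"
     for t in (1700000000, 1700000030, 1700000900)]
    # One client walking cnvID 1..6 in six seconds.
    + [f"{1700000001 + i} 198.51.100.7 POST {VULN_PATH} cnvID={i + 1}"
       for i in range(6)]
    # One client reading five conversations, one per hour.
    + [f"{1700000000 + i * 3600} 192.0.2.5 POST {VULN_PATH} cnvID={i + 3}"
       for i in range(5)]
    + ["unparseable line"]
)

def find_enumerators(lines, min_distinct=5, window_s=60):
    """Return {client_ip: sorted distinct cnvIDs seen from that client} for
    clients that POST at least min_distinct different cnvID values to
    VULN_PATH within any window_s-second span."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, ip, method, path, cnv = m.groups()
        if method == "POST" and path == VULN_PATH:
            events[ip].append((int(ts), int(cnv)))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= window_s.
            while evs[end][0] - evs[start][0] > window_s:
                start += 1
            if len({c for _, c in evs[start:end + 1]}) >= min_distinct:
                flagged[ip] = sorted({c for _, c in evs})
                break
    return flagged
```

Tune `min_distinct` and `window_s` to the site's normal traffic; a page that embeds several conversations can legitimately trigger a few requests with different cnvID values at once.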