CVE-2018-16606

Name of the Vulnerable Software and Affected Versions ProConf versions prior to 6.1

Description The issue allows any author to access and retrieve all submitted papers, including their titles, abstracts, and authors' personal information such as name, email, organization, and position. This is achieved by modifying the pid parameter, which is an example of an Insecure Direct Object Reference (IDOR).

Recommendations For versions prior to 6.1, update to version 6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pid parameter to prevent unauthorized access to sensitive information.