CVE-2018-16606
CVE-2018-16606
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 5.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
06 Sep 2018Published on NVD
16 Apr 2025Public PoC
Weaponization speed
2413 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/149259/IDOR-On-ProConf-Peer-Review-And-Conference-Management-6.0-File-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/52236unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.