Medium severity5.3OSV Advisory· Published Feb 26, 2018· Updated Jun 17, 2026
CVE-2017-18195
CVE-2017-18195
Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/concrete5/concrete5/pull/6008/filesnvdPatchThird Party Advisory
- github.com/r3naissance/NSE/blob/master/http-vuln-cve2017-18195.nsenvdExploitThird Party Advisory
- www.exploit-db.com/exploits/44194/nvdExploitThird Party AdvisoryVDB Entry
- github.com/concrete5/concrete5/releases/tag/8.3.0nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.