Description
An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
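A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of Concrete5: it scans web access logs for clients that send bursts of POSTs to the endpoint. The common/combined log format, the threshold and window values, and the sample lines are assumptions; the 'cnvID' value travels in the POST body and is normally not logged, so the check keys on request rate per client.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Endpoint named in the advisory; a trailing slash or query string is tolerated.
ENDPOINT = re.compile(r"^/index\.php/tools/required/conversations/view_ajax/?(\?|$)")
# Common/combined log format prefix: client, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def flag_enumeration(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client: peak count} for clients whose POSTs to the endpoint
    reach `threshold` within `window`. Both defaults are assumptions to tune."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        client, ts, method, path, _status = m.groups()
        if method != "POST" or not ENDPOINT.match(path):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop requests older than the window
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

def sample_log():
    """Constructed sample lines: one client bursts, another posts once."""
    post = ('{ip} - - [10/Jan/2018:12:00:{s:02d} +0000] "POST '
            '/index.php/tools/required/conversations/view_ajax HTTP/1.1" 200 512')
    burst = [post.format(ip="192.0.2.10", s=s) for s in range(8)]
    normal = [post.format(ip="198.51.100.7", s=30),
              '198.51.100.7 - - [10/Jan/2018:12:00:31 +0000] "GET /blog HTTP/1.1" 200 1024']
    return burst + normal

if __name__ == "__main__":
    print(flag_enumeration(sample_log()))
```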
Remediation
References