CVE-2021-37777

HIGH

Gila CMS 2.2.0 - Insecure Direct Object Reference via Thumbnail Upload

Title source: llm

Description

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner can be retrieved by another site owner who knows the target site's name and fuzzes for thumbnail file names: the thumbnail is resolved from the site name and file name alone, without checking that the requester owns that site. This leads to sensitive information disclosure.
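The access-control failure above, modelled as an added example (this is not Gila CMS code; the in-memory site store, the handler names and the sample thumbnails are all hypothetical). The vulnerable handler keys the object purely on the request's site name and file name, so a second tenant can enumerate another site's thumbnails with a wordlist; the hardened handler authorises the requester against the site's owner first and returns the same "not found" result for unauthorised and missing objects, so the response cannot be used as an existence oracle:

```python
"""Illustrative model of the IDOR pattern described for CVE-2021-37777.

Hypothetical in-memory model, not Gila CMS code: thumbnails are keyed by
(site name, file name), and the vulnerable handler hands back any thumbnail
whose key exists, regardless of who is asking.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Site:
    owner: str                                          # account that owns this site
    thumbnails: Dict[str, bytes] = field(default_factory=dict)  # file name -> content


# Constructed sample data: two tenants, each with one private thumbnail.
SITES: Dict[str, Site] = {
    "alice-shop": Site("alice", {"invoice-2021.png": b"\x89PNG alice-private"}),
    "bob-blog":   Site("bob",   {"draft-cover.jpg": b"\xff\xd8 bob-private"}),
}


def serve_thumbnail_vulnerable(requester: str, site: str, name: str) -> Optional[bytes]:
    """Vulnerable pattern (CWE-639): the site/name pair from the request is used
    directly as the object key. The requester is never compared against the
    site's owner, so anyone who guesses both values gets the object."""
    s = SITES.get(site)
    if s is None:
        return None
    return s.thumbnails.get(name)


def serve_thumbnail_fixed(requester: str, site: str, name: str) -> Optional[bytes]:
    """Hardened pattern: resolve the site, authorise the requester against the
    site's owner, and only then look up the object. Unauthorised and missing
    both yield None, so a fuzzer cannot tell them apart."""
    s = SITES.get(site)
    if s is None or s.owner != requester:
        return None
    return s.thumbnails.get(name)


Handler = Callable[[str, str, str], Optional[bytes]]


def enumerate_thumbnails(handler: Handler, requester: str, site: str,
                         wordlist: List[str]) -> List[str]:
    """Model of the 'fuzz for picture names' step: try each candidate name
    against a site the requester does not own and collect the names that
    come back with content."""
    return [n for n in wordlist if handler(requester, site, n) is not None]


# Constructed wordlist an attacker might try against another tenant's site.
WORDLIST = ["logo.png", "invoice-2021.png", "header.jpg", "draft-cover.jpg"]


if __name__ == "__main__":
    # bob probes alice's site with the same wordlist against both handlers
    print("vulnerable:", enumerate_thumbnails(serve_thumbnail_vulnerable, "bob", "alice-shop", WORDLIST))
    print("fixed:     ", enumerate_thumbnails(serve_thumbnail_fixed, "bob", "alice-shop", WORDLIST))
```

The fix is the ownership comparison, not obscuring the file names: unpredictable names only slow the fuzzing step, while the authorisation check removes the cross-tenant read entirely.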

References (1)

https://www.navidkagalwalla.com/gila-cms-vulnerabilities (Exploit, Third Party Advisory)

Scores

CVSS v3 7.5
EPSS 0.0165 (1.65% estimated probability of exploitation in the next 30 days)
EPSS Percentile 73.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-639 Authorization Bypass Through User-Controlled Key
Status published
Products (1)
gilacms/gila_cms 2.2.0
Published Oct 04, 2021
Tracked Since Feb 18, 2026