Description

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.

Related CPE's

a

gilacms

gila_cms

2.2.0

Vulnerable

References

https://www.navidkagalwalla.com/gila-cms-vulnerabilities

ExploitThird Party Advisory

https://www.navidkagalwalla.com/gila-cms-vulnerabilities

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-639

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-04T12:15:07.517Z

4 years ago

Last modified

2024-11-21T05:15:53.590Z

1 year ago