Vulnerabilities > CVE-2021-37777 - Authorization Bypass Through User-Controlled Key vulnerability in Gilacms Gila CMS 2.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |