Lucene search

[email protected]CVE-2021-37777

HistoryOct 04, 2021 - 2:15 p.m.

CVE-2021-37777

2021-10-0414:15:07

CWE-639

[email protected]

web.nvd.nist.gov

gila cms

2.2.0

vulnerability

insecure direct object reference

sensitive information disclosure

cve-2021-37777

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.

Affected configurations

NVD

Node

gilacmsgila_cmsMatch2.2.0

CPENameOperatorVersion
gilacms:gila_cmsgilacms gila cmseq2.2.0

CPE	Name	Operator	Version
gilacms:gila_cms	gilacms gila cms	eq	2.2.0

References

www.navidkagalwalla.com/gila-cms-vulnerabilities

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2021-37777

cvelist1 cnvd1 nvd1 prion1