Описание
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gilacms:gila_cms:2.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639