CVE-2021-37777
published 2021-10-04CVE-2021-37777: Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by…
PriorityP337high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.65%
73.5th percentile
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gilacms | gila_cms | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)
suricata·2021-10-27·CVSS 8.8
CVE-2016-4437 [HIGH] ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)
ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)
Rule: alert tcp any any -> [$HOME_NET,$HTTP_SERVERS] 37777 (msg:"ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)"; flow:established,to_server; http.cookie; content:"|62 00 00 00|"; startswith; content:"Protocol|3a 20|"; distance:0; fast_pattern; content:"|0d 0a|"; distance:200; reference:url,www.exploit-db.com/exploits/48304; reference:cve,2016-4437; reference:cve,2020-5735; classtype:attempted-admin; sid:2034257; rev:2; metadata:attack_target Server, created_at 2021_10_27, cve CVE_2020_5735, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2021_10_27, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
No public exploits indexed.
No writeups or analysis indexed.
2021-10-04
Published