PT-2021-21869 · Gila Cms · Gila Cms

Published: 2021-10-04 · Updated: 2022-05-03 · CVE-2021-37777

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Gila CMS version 2.2.0
Description: Thumbnails uploaded by one site owner are accessible to another site owner, which can disclose sensitive information. An attacker who knows the other site's name can fuzz (enumerate) picture names to retrieve its thumbnails, because the thumbnail endpoint does not check that the requester owns the site the thumbnail belongs to.
Recommendations: For Gila CMS version 2.2.0, restrict access to uploaded thumbnails so that they cannot be viewed by other site owners. As a temporary workaround, restrict access to the thumbnail directory until a patch is available.
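The missing check, shown as an added example in PHP (Gila CMS is a PHP application); this is not Gila CMS's own code and the directory layout `thumbs/<site>/<file>`, the `$_SESSION['site']` key and the function name are assumptions. The owner check runs before any file lookup, so a cross-site request gets the same 403 whether or not the guessed file name exists, which removes the oracle that fuzzing relies on.

```php
<?php
// Added example, not Gila CMS code. Assumed layout: $thumbRoot/<site>/<file>;
// assumed session key: $_SESSION['site'] holds the site the user owns.
// Returns the resolved path to serve, or null after setting an HTTP error status.
function serveThumbnail(string $thumbRoot, string $site, string $file, ?string $sessionSite): ?string
{
    // Authorization first: the requester must own the site named in the URL.
    // Without this check any site owner can read another site's thumbnails.
    // Deciding before touching the filesystem keeps the response identical for
    // existing and non-existing files, so name enumeration learns nothing.
    if ($sessionSite === null || !hash_equals($sessionSite, $site)) {
        http_response_code(403);
        return null;
    }
    // Accept only a plain site identifier and a plain image file name
    // (no separators, no dot segments), so the path cannot escape the site directory.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $site)
        || !preg_match('/^[A-Za-z0-9_-]+\.(png|jpe?g|gif|webp)$/i', $file)) {
        http_response_code(404);
        return null;
    }
    $root = realpath($thumbRoot);
    $path = realpath($thumbRoot . '/' . $site . '/' . $file);
    // realpath() resolves symlinks; confirm the file is still inside this site's directory.
    if ($root === false || $path === false
        || !str_starts_with($path, $root . DIRECTORY_SEPARATOR . $site . DIRECTORY_SEPARATOR)) {
        http_response_code(404);
        return null;
    }
    return $path;
}

// Constructed usage: a front controller passes the route parameters and session state.
session_start();
$path = serveThumbnail(
    __DIR__ . '/thumbs',
    $_GET['site'] ?? '',
    $_GET['file'] ?? '',
    $_SESSION['site'] ?? null
);
if ($path !== null) {
    header('Content-Type: ' . mime_content_type($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

Requires PHP 8 for `str_starts_with()`. As a detection aid, a burst of 403 or 404 responses on the thumbnail route from one client is the signature of the enumeration described above.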

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2021-37777

Affected Products

Gila Cms