17 matches found
EUVD-2026-28898
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...
EUVD-2026-28880
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...
EUVD-2025-27727
Malicious code in bioql PyPI...
EUVD-2022-1847
Malicious code in bioql PyPI...
CVE-2025-26211
Gibbon before 29.0.00 allows CSRF...
CVE-2025-26211
CVE-2025-26211 affects the Gibbon school platform. Affected software: Gibbon versions prior to 29.0.00. Vulnerability: cross-site request forgery (CSRF) as described in connected sources. Root cause details are not expanded beyond CSRF presence in the prior-to-29.0.00 release. Impact guidance fro...
CVE-2025-26211
Gibbon before 29.0.00 allows CSRF...
CVE-2024-24724
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization...
CVE-2024-51337
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/usermanageeditProcess.php...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
CVE-2022-27305
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation...
CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...
Exploit for Path Traversal in Gibbonedu Gibbon
CVE-2023-34598 - Gibbon v25.0.0 LFI Exploit This repository c...
CVE-2024-51337
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/usermanageeditProcess.php...
CVE-2024-24724
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
Exploit for Path Traversal in Gibbonedu Gibbon
Gibbon v25.0.0 - Local File Inclusion - CVE-2023-34598 Gibbon...