17 matches found

EUVD
added 2026/05/09 2:58 a.m. | 17 views

EUVD-2026-28898

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

CVSS: 8.9 | AI score: 5.8 | EPSS: 0.0032
Exploits: 0 | References: 2

EUVD
added 2026/05/09 2:41 a.m. | 29 views

EUVD-2026-28880

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing (https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145) feature. Successful exploitation requires Teacher or high...

CVSS: 7 | AI score: 5.9 | EPSS: 0.00226
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-27727

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00164
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1847

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.01489
Exploits: 0 | References: 7

Cvelist
added 2025/05/27 12:0 a.m. | 11 views

CVE-2025-26211

Gibbon before 29.0.00 allows CSRF...

CVSS: 3.7 | EPSS: 0.00164
Exploits: 0 | References: 2

CVE
added 2025/05/27 12:0 a.m. | 53 views

CVE-2025-26211

CVE-2025-26211 affects the Gibbon school platform. Affected software: Gibbon versions prior to 29.0.00. Vulnerability: cross-site request forgery (CSRF) as described in connected sources. Root cause details are not expanded beyond CSRF presence in the prior-to-29.0.00 release. Impact guidance fro...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00164
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/05/27 12:0 a.m. | 5 views

CVE-2025-26211

Gibbon before 29.0.00 allows CSRF...

CVSS: 3.7 | AI score: 7 | EPSS: 0.00164
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 10:7 a.m. | 6 views

CVE-2024-24724

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine messengerSettings.php without sanitization...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.26089
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/23 8:5 a.m. | 7 views

CVE-2024-51337

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/usermanageeditProcess.php...

CVSS: 3.5 | AI score: 3.7 | EPSS: 0.0059
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:56 a.m. | 7 views

CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.47238
Exploits: 3

RedhatCVE
added 2025/05/22 10:35 p.m. | 6 views

CVE-2022-27305

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.01012
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:49 p.m. | 5 views

CVE-2022-27311

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...

CVSS: 9.8 | AI score: 7 | EPSS: 0.01489
Exploits: 0 | References: 1

GithubExploit
added 2025/03/17 11:48 a.m. | 1042 views

Exploit for Path Traversal in Gibbonedu Gibbon

CVE-2023-34598 - Gibbon v25.0.0 LFI Exploit This repository c...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.47238
Exploits: 3

OSV
added 2024/11/21 7:15 p.m. | 7 views

CVE-2024-51337

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/usermanageeditProcess.php...

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.0059
Exploits: 1 | References: 2

OSV
added 2024/04/03 3:15 a.m. | 4 views

CVE-2024-24724

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine messengerSettings.php without sanitization...

CVSS: 9.8 | AI score: 9.8
Exploits: 0 | References: 2

ATTACKERKB
added 2023/06/29 3:15 p.m. | 5 views

CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.47238
Exploits: 3 | References: 3

GithubExploit
added 2023/06/23 7:49 p.m. | 15 views

Exploit for Path Traversal in Gibbonedu Gibbon

Gibbon v25.0.0 - Local File Inclusion - CVE-2023-34598 Gibbon...

CVSS: 9.8 | AI score: 7 | EPSS: 0.47238
Exploits: 3