CVE-2026-8208
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...
CVE-2026-8207
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or high...
CVE-2025-26211
Gibbon before 29.0.00 allows CSRF...
PT-2025-22955 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon versions prior to 29.0.00 Description: The issue allows for CSRF attacks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited...
PT-2024-34601 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon versions prior to 28.0.00 Description: The issue allows a remote attacker to obtain sensitive information via the email parameter found in the "/Gibbon/modules/User Admin/user_manage_editProcess.php" API endpoint. Recommendations: For...
PT-2024-20520 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon versions 26.0.00 and earlier Description: The issue allows remote authenticated users to conduct PHP deserialization attacks via the columnOrder parameter in a POST request to the "/modules/System%20Admin/import...
PT-2023-29742 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: GibbonEdu Gibbon versions through 25.0.0 Description: The issue allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathnam...
PT-2023-24940 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon version 25.0.0 Description: Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified, which enable attackers to execute arbitrary JavaScript code. Recommendations: For Gibbon version 25.0.0, at the moment, there is no...
CVE-2022-27311
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL...