42 matches found

Nuclei
added 6 hours ago | 111 views

Gibbon v25.0.0 - Local File Inclusion

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response. id: CVE-2023-34598 info: name: Gibbon v25.0.0 - Local File Inclusion author: DhiyaneshDk severity:...

CVSS 9.8 | AI score 7.7 | EPSS 0.91419
Exploits: 3 | References: 5
Nuclei
added yesterday | 42 views

Gibbon v25.0.0 - Cross-Site Scripting

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code. id: CVE-2023-34599 info: name: Gibbon v25.0.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Multiple Cross-Site...

CVSS 6.1 | AI score 6.7 | EPSS 0.4946
Exploits: 1 | References: 5
RedhatCVE
added 2026/01/09 12:34 p.m. | 6 views

CVE-2023-45881

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

CVSS 6.1 | AI score 6.7 | EPSS 0.00259
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-50145

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7 | EPSS 0.00471
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-50146

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00259
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-50144

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00239
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 3:50 a.m. | 4 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

CVSS 5.4 | AI score 7.1 | EPSS 0.00239
Exploits: 1
RedhatCVE
added 2025/05/23 3:50 a.m. | 6 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

CVSS 7.2 | AI score 6.9 | EPSS 0.00471
Exploits: 1
RedhatCVE
added 2025/05/23 2:25 a.m. | 3 views

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...

CVSS 9.8 | AI score 7.4 | EPSS 0.92556
Exploits: 8 | References: 1
GithubExploit
added 2025/03/30 1:33 p.m. | 162 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878 GibbonEdu Arbitrary File Write to Web Shell...

CVSS 9.8 | AI score 9.9 | EPSS 0.92556
Exploits: 8
GithubExploit
added 2025/03/19 4:44 p.m. | 172 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878 GibbonEdu Gibbon Exploit version 25.0.1 Gi...

CVSS 9.8 | AI score 9.4 | EPSS 0.92556
Exploits: 8
GithubExploit
added 2024/09/08 11:58 p.m. | 70 views

Exploit for Cross-site Scripting in Gibbonedu Gibbon

CVE-2024-34831 XSS Vulnerability in GibbonEdu Core v26.0.00 le...

CVSS 6.1 | AI score 9.2 | EPSS 0.01763
Exploits: 2
Exploit DB
added 2024/03/18 12:0 a.m. | 353 views

Gibbon LMS < v26.0.00 - Authenticated RCE

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research Team (Ali Maharramli, Fikrat Guliev, Islam Rzayev) Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...

CVSS 8.8 | AI score 6.6 | EPSS 0.81124
Exploits: 7
ATTACKERKB
added 2023/11/14 6:15 a.m. | 2 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

CVSS 7.2 | AI score 5.9 | EPSS 0.00471
Exploits: 1 | References: 2
OSV
added 2023/11/14 6:15 a.m. | 12 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

CVSS 7.2 | AI score 6.9
Exploits: 0 | References: 1
NVD
added 2023/11/14 6:15 a.m. | 10 views

CVE-2023-45881

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

CVSS 6.1 | EPSS 0.00259
Exploits: 1 | References: 1
NVD
added 2023/11/14 6:15 a.m. | 6 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

CVSS 7.2 | EPSS 0.00471
Exploits: 1 | References: 1
OSV
added 2023/11/14 6:15 a.m. | 11 views

CVE-2023-45881

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resourcesaddQuickajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response...

CVSS 6.1 | AI score 6.6
Exploits: 0 | References: 1
NVD
added 2023/11/14 6:15 a.m. | 7 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

CVSS 5.4 | EPSS 0.00239
Exploits: 1 | References: 1
OSV
added 2023/11/14 6:15 a.m. | 9 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

CVSS 5.4 | AI score 7
Exploits: 0 | References: 1