PT-2024-20519 · Gibbon +1 · Gibbon +1

Name of the Vulnerable Software and Affected Versions: Gibbon versions through 26.0.00 Description: The issue allows for Server Side Template Injection leading to Remote Code Execution. This occurs because input is passed to the Twig template engine in messengerSettings.php without sanitization,...

Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution

Exploit Title: Gibbon LMS has an SSTI vulnerability on the v26.0.00 version Date: 21.01.2024 Exploit Author: SecondX.io Research TeamIslam Rzayev,Fikrat Guliev, Ali Maharramli Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on:...