Gibbon@* Security Vulnerabilities and Issues — Gibbon@* CVE List

Lucene search

GibboneduGibbon*

3 matches found

CVE•added 2024/04/03 3:15 a.m.•93 views

CVE-2024-24724

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.

9.8CVSS7.7AI score0.21959EPSS

CVE•added 2024/03/23 11:15 p.m.•86 views

CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

8.8CVSS6.4AI score0.77638EPSS

CVE•added 2024/11/21 7:15 p.m.•40 views

CVE-2024-51337

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php.

3.5CVSS6.2AI score0.00245EPSS