AI Score
Confidence: Low
EPSS
Percentile: 97.4%
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
[
  {
    "cpes": [
      "cpe:2.3:a:gibbonedu:gibbon:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gibbonedu",
    "product": "gibbon",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "26.0.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]