Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-45878

Published: 14/11/2023 Updated: 17/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Gibbonedu

Vulnerability Summary

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gibbonedu gibbon

Vendor Advisories

Check Point Security Alerts: Gibbonedu Arbitrary File Write (CVE-2023-45878)
Check Point Reference: CPAI-2023-1245 Date Published: 30 Nov 2023 Severity: Critical ...

References

NVD-CWE-noinfohttps://herolab.usd.de/security-advisories/usd-2023-0025/https://nvd.nist.govhttps://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-1245.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook