Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-24724

Published: 03/04/2024 Updated: 03/04/2024

Vulnerability Summary

Gibbon up to and including 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.

Vendor Advisories

Check Point Security Alerts: Gibbon Server-Side Template Injection (CVE-2024-24724)
Check Point Reference: CPAI-2024-0160 Date Published: 7 Apr 2024 Severity: High ...

Exploits

Exploit DB: Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution
Gibbon version 26000 suffers from a server-side template injection vulnerability that allows for remote code execution ...

References

https://gibbonedu.org/download/https://packetstormsecurity.com/files/177857https://nvd.nist.govhttps://packetstormsecurity.com/files/177857/Gibbon-26.0.00-Server-Side-Template-Injection-Remote-Code-Execution.htmlhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0160.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook