Published: 23/03/2024 Updated: 25/03/2024

Gibbon up to and including 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

Check Point Reference: CPAI-2024-0182 Date Published: 24 Apr 2024 Severity: High ...

Gibbon LMS version 26000 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution ...

A remote code execution vulnerability in Gibbon online school platform version 26000 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_runphp&type=externalAssessment&step=4 As it allows remote code execution, adversaries cou ...

https://gibbonedu.org/download/https://www.exploit-db.com/exploits/51903 https://nvd.nist.gov https://packetstormsecurity.com/files/177635/Gibbon-LMS-26.0.00-PHP-Deserialization-Code-Execution.html https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0182.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-24725

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect