Description
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.
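A server-side check of the kind that closes this class of bug, written here as an added example rather than code from the Gibbon project: the user-supplied templateFileDestination value is only accepted if it has a template extension (PHP is not on the list) and if its canonical parent directory resolves to the uploads directory or a subdirectory of it. The function name, the $uploadsDir argument and the allowed-extension list are assumptions for the example.

```php
<?php
// Added example, not Gibbon's own code. Validates a templateFileDestination
// value before it is used as a write path. $uploadsDir is assumed to be the
// absolute path of the uploads directory the file is meant to land in.
function validateTemplateDestination(string $uploadsDir, string $destination): ?string
{
    // Extensions a report template may use; executable types are deliberately absent.
    $allowedExtensions = ['html', 'twig', 'txt'];

    // Reject embedded null bytes and absolute paths (POSIX or Windows drive form).
    if (strpos($destination, "\0") !== false
        || substr($destination, 0, 1) === '/'
        || preg_match('/^[A-Za-z]:/', $destination)) {
        return null;
    }

    // The final component must be a plain file name, not "." or ".." or a hidden file.
    $name = basename($destination);
    if (!preg_match('/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/', $name)) {
        return null;
    }

    // Whitelist the extension; this alone blocks "report.php"-style names.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExtensions, true)) {
        return null;
    }

    // Canonicalise the uploads root; it must already exist.
    $root = realpath($uploadsDir);
    if ($root === false) {
        return null;
    }

    // The file itself may not exist yet, so canonicalise its parent directory.
    // Any "../" sequences are resolved here, against the real filesystem.
    $parent = realpath($root . DIRECTORY_SEPARATOR . dirname($destination));
    if ($parent === false) {
        return null;
    }

    // Containment check: the canonical parent is the root or lies beneath it.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($parent !== $root && strncmp($parent, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $parent . DIRECTORY_SEPARATOR . $name;
}
```

With this check, a value such as "../../index.php" fails twice (disallowed extension, and a parent that resolves outside the uploads root), while "reports/summary.html" is accepted only if "reports" already exists beneath the uploads directory.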
References (1)
Core References
Exploit, Third Party Advisory: https://herolab.usd.de/security-advisories/usd-2023-0022/
Scores
CVSS v3: 7.2
EPSS: 0.0121
EPSS Percentile: 64.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-22
Status: published
Products (1)
gibbonedu/gibbon < 25.0.00
Published: Nov 14, 2023
Tracked Since: Feb 18, 2026