CVE-2024-24725

HIGH

Gibbon < 26.0.00 - Authenticated PHP Deserialization via columnOrder Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-24725. PoCs published by Ali Maharramli_Fikrat Guliev_Islam Rzayev, MelkorW, including Metasploit module exploits/multi/http/gibbon_auth_rce_cve_2024_24725.

AI-analyzed exploit summary This exploit leverages a PHP deserialization vulnerability in Gibbon LMS v26.0.00 to achieve remote code execution (RCE). It authenticates, generates a malicious payload, and sends it via a crafted multipart/form-data request to trigger command execution.

Description

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

Exploits (3)

exploitdb WORKING POC
by Ali Maharramli_Fikrat Guliev_Islam Rzayev · pythonwebappsphp
https://www.exploit-db.com/exploits/51903

This exploit leverages a PHP deserialization vulnerability in Gibbon LMS v26.0.00 to achieve remote code execution (RCE). It authenticates, generates a malicious payload, and sends it via a crafted multipart/form-data request to trigger command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Gibbon LMS v26.0.00
Auth required
Prerequisites: Valid credentials for the target Gibbon LMS instance · Network access to the target host
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by MelkorW · poc
https://github.com/MelkorW/CVE-2024-24725-PoC

This repository contains a functional PHP exploit for CVE-2024-24725, targeting the Gibbon School Management System. The exploit chains authentication bypass with RCE via crafted multipart/form-data requests to the import_run.php endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Gibbon School Management System
Auth required
Prerequisites: Valid credentials for authentication · Access to the target's login.php and import_run.php endpoints
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gibbon_auth_rce_cve_2024_24725.rb

This Metasploit module exploits a PHP deserialization vulnerability in Gibbon School Platform (CVE-2024-24725) to achieve remote code execution. It authenticates, uploads a malicious payload via a crafted POST request, and executes arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Gibbon School Platform <= 26.0.00
Auth required
Prerequisites: Valid credentials for Gibbon platform · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.5132
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-502
Status published
Products (1)
gibbonedu/gibbon < 26.0.00
Published Mar 23, 2024
Tracked Since Feb 18, 2026