CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.7%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2023-45880

Gibbonedu » Gibbon » Version: 10.0.00

cpe:2.3:a:gibbonedu:gibbon:10.0.00
Gibbonedu » Gibbon » Version: 11.0.00

cpe:2.3:a:gibbonedu:gibbon:11.0.00
Gibbonedu » Gibbon » Version: 12.0.00

cpe:2.3:a:gibbonedu:gibbon:12.0.00
Gibbonedu » Gibbon » Version: 13.0.00

cpe:2.3:a:gibbonedu:gibbon:13.0.00
Gibbonedu » Gibbon » Version: 13.0.01

cpe:2.3:a:gibbonedu:gibbon:13.0.01
Gibbonedu » Gibbon » Version: 13.0.02

cpe:2.3:a:gibbonedu:gibbon:13.0.02
Gibbonedu » Gibbon » Version: 14.0.00

cpe:2.3:a:gibbonedu:gibbon:14.0.00
Gibbonedu » Gibbon » Version: 14.0.01

cpe:2.3:a:gibbonedu:gibbon:14.0.01
Gibbonedu » Gibbon » Version: 15.0.00

cpe:2.3:a:gibbonedu:gibbon:15.0.00
Gibbonedu » Gibbon » Version: 15.0.01

cpe:2.3:a:gibbonedu:gibbon:15.0.01
Gibbonedu » Gibbon » Version: 16.0.00

cpe:2.3:a:gibbonedu:gibbon:16.0.00
Gibbonedu » Gibbon » Version: 16.0.01

cpe:2.3:a:gibbonedu:gibbon:16.0.01
Gibbonedu » Gibbon » Version: 17.0.00

cpe:2.3:a:gibbonedu:gibbon:17.0.00
Gibbonedu » Gibbon » Version: 18.0.00

cpe:2.3:a:gibbonedu:gibbon:18.0.00
Gibbonedu » Gibbon » Version: 18.0.01

cpe:2.3:a:gibbonedu:gibbon:18.0.01
Gibbonedu » Gibbon » Version: 19.0.00

cpe:2.3:a:gibbonedu:gibbon:19.0.00
Gibbonedu » Gibbon » Version: 20.0.00

cpe:2.3:a:gibbonedu:gibbon:20.0.00
Gibbonedu » Gibbon » Version: 21.0.00

cpe:2.3:a:gibbonedu:gibbon:21.0.00
Gibbonedu » Gibbon » Version: 21.0.01

cpe:2.3:a:gibbonedu:gibbon:21.0.01
Gibbonedu » Gibbon » Version: 22.0.00

cpe:2.3:a:gibbonedu:gibbon:22.0.00
Gibbonedu » Gibbon » Version: 22.0.01

cpe:2.3:a:gibbonedu:gibbon:22.0.01
Gibbonedu » Gibbon » Version: 23.0.00

cpe:2.3:a:gibbonedu:gibbon:23.0.00
Gibbonedu » Gibbon » Version: 23.0.01

cpe:2.3:a:gibbonedu:gibbon:23.0.01
Gibbonedu » Gibbon » Version: 23.0.02

cpe:2.3:a:gibbonedu:gibbon:23.0.02
Gibbonedu » Gibbon » Version: 24.0.00

cpe:2.3:a:gibbonedu:gibbon:24.0.00
Gibbonedu » Gibbon » Version: 24.0.01

cpe:2.3:a:gibbonedu:gibbon:24.0.01
Gibbonedu » Gibbon » Version: 25.0.00

cpe:2.3:a:gibbonedu:gibbon:25.0.00
Gibbonedu » Gibbon » Version: 7.0.00

cpe:2.3:a:gibbonedu:gibbon:7.0.00
Gibbonedu » Gibbon » Version: 7.0.01

cpe:2.3:a:gibbonedu:gibbon:7.0.01
Gibbonedu » Gibbon » Version: 7.1.00

cpe:2.3:a:gibbonedu:gibbon:7.1.00
Gibbonedu » Gibbon » Version: 7.1.01

cpe:2.3:a:gibbonedu:gibbon:7.1.01
Gibbonedu » Gibbon » Version: 7.1.02

cpe:2.3:a:gibbonedu:gibbon:7.1.02
Gibbonedu » Gibbon » Version: 8.0.00

cpe:2.3:a:gibbonedu:gibbon:8.0.00
Gibbonedu » Gibbon » Version: 8.0.01

cpe:2.3:a:gibbonedu:gibbon:8.0.01
Gibbonedu » Gibbon » Version: 8.0.02

cpe:2.3:a:gibbonedu:gibbon:8.0.02
Gibbonedu » Gibbon » Version: 8.0.03

cpe:2.3:a:gibbonedu:gibbon:8.0.03
Gibbonedu » Gibbon » Version: 8.0.04

cpe:2.3:a:gibbonedu:gibbon:8.0.04
Gibbonedu » Gibbon » Version: 8.0.05

cpe:2.3:a:gibbonedu:gibbon:8.0.05
Gibbonedu » Gibbon » Version: 8.0.06

cpe:2.3:a:gibbonedu:gibbon:8.0.06
Gibbonedu » Gibbon » Version: 8.1.00

cpe:2.3:a:gibbonedu:gibbon:8.1.00
Gibbonedu » Gibbon » Version: 8.2.00

cpe:2.3:a:gibbonedu:gibbon:8.2.00
Gibbonedu » Gibbon » Version: 8.3.00

cpe:2.3:a:gibbonedu:gibbon:8.3.00
Gibbonedu » Gibbon » Version: 9.0.00

cpe:2.3:a:gibbonedu:gibbon:9.0.00
Gibbonedu » Gibbon » Version: 9.1.00

cpe:2.3:a:gibbonedu:gibbon:9.1.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-45880

Products

Pricing

Contact Us