14 Nov 2023
CVE-2023-45880 Vulnerability
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. (CVSS:0.0) (Last Update:2023-11-14 06:15:29)
Vulnerability category: Directory traversal
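A defensive check for the class of flaw described above, where a user-supplied destination path decides where a file is written. This is an added example, not Gibbon's code or its fix: the function name `resolveAssetDestination`, the uploads layout and the extension allowlist are assumptions.

```php
<?php
// Added illustration, not Gibbon's code; names, layout and allowlist are assumed.
function resolveAssetDestination(string $baseDir, string $userPath, array $allowedExt): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory does not exist');
    }
    // Refuse empty values, NUL bytes, backslashes and absolute paths outright.
    if ($userPath === '' || $userPath[0] === '/'
        || strpos($userPath, "\0") !== false || strpos($userPath, '\\') !== false) {
        throw new InvalidArgumentException('invalid destination');
    }
    // Walk the segments; ".." is refused rather than resolved.
    $segments = [];
    foreach (explode('/', $userPath) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            throw new InvalidArgumentException('traversal segment in destination');
        }
        $segments[] = $segment;
    }
    // Only allowlisted extensions may be written (compared case-insensitively).
    $name = $segments ? end($segments) : '';
    if (!in_array(strtolower(pathinfo($name, PATHINFO_EXTENSION)), $allowedExt, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    // Resolve the parent directory (follows symlinks) and re-check containment.
    $target = $base . '/' . implode('/', $segments);
    $parent = realpath(dirname($target));
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($parent === false || ($parent !== $base && strncmp($parent, $prefix, strlen($prefix)) !== 0)) {
        throw new InvalidArgumentException('destination escapes base directory');
    }
    return $parent . DIRECTORY_SEPARATOR . $name;
}

// Constructed demo: a temporary uploads directory and sample parameter values.
$uploads = sys_get_temp_dir() . '/uploads_demo_' . bin2hex(random_bytes(4));
mkdir($uploads . '/reports', 0700, true);
foreach (['reports/header.twig', '../outside.php', 'reports/../../index.php', '/tmp/x.twig', 'reports/a.php'] as $p) {
    try {
        echo $p, ' => ', resolveAssetDestination($uploads, $p, ['twig', 'html']), "\n";
    } catch (Exception $e) {
        echo $p, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Only the first sample value resolves to a path; the other four are rejected before any file operation on the destination takes place.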
Exploit prediction scoring system (EPSS) score for CVE-2023-45880
We don't have an EPSS score for this CVE yet.
References for CVE-2023-45880
- https://herolab.usd.de/security-advisories/usd-2023-0022/ usd-2023-0022 - usd HeroLab