// For flags

CVE-2023-45878

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated).

GibbonEdu Gibbon versión 25.0.1 y anteriores permite la escritura arbitraria de archivos porque rubrics_visualise_saveAjax.phps no requiere autenticación. El endpoint acepta los parámetros img, path y gibbonPersonID. Se espera que el parámetro img sea una imagen codificada en base64. Si se establece el parámetro de ruta, la ruta definida se utiliza como carpeta de destino, concatenada con la ruta absoluta del directorio de instalación. El contenido del parámetro img se decodifica en base64 y se escribe en la ruta del archivo definida. Esto permite la creación de archivos PHP que permiten la ejecución remota de código (no autenticado).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-10-15 CVE Reserved
  • 2023-11-14 CVE Published
  • 2024-12-17 EPSS Updated
  • 2025-01-08 CVE Updated
  • 2025-01-08 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://herolab.usd.de/security-advisories/usd-2023-0025 2025-01-08
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gibbonedu
Search vendor "Gibbonedu"
 Gibbon
Search vendor "Gibbonedu" for product "Gibbon"
 <= 25.0.01
Search vendor "Gibbonedu" for product "Gibbon" and version " <= 25.0.01"
-
Affected