CVE-2023-45878

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 14, 2023
Updated: Nov 17, 2023

Summary

CVE-2023-45878 is a critical vulnerability affecting GibbonEdu Gibbon version 25.0.1 and earlier. This vulnerability allows for arbitrary file write, as the "rubrics_visualise_saveAjax.phps" endpoint does not require authentication. Attackers can exploit this by providing base64 encoded image data as the "img" parameter and defining a path for the "path" parameter. The encoded image is then decoded and written to the specified file path, enabling the creation of PHP files that can execute remote code without authentication. This vulnerability poses a high risk to organizations using affected versions of GibbonEdu, as it can lead to unauthorized remote code execution. To remediate this issue, users are advised to update to a version that includes a fix for this vulnerability.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45878 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options