Vulnerabilities (CVE)

Filtered by vendor Gibbonedu
Filtered by product Gibbon
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-45880 | 1 Gibbonedu | 1 Gibbon | 2023-11-17 | N/A | 7.2 HIGH | GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. |
| CVE-2022-27305 | 1 Gibbonedu | 1 Gibbon | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH | Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. |