Gibbon School Platform 26.0.00 Remote Code Execution

Posted on 06 April 2024

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

htmlLawed 1.2.5 Remote Command Execution
Online Tours And Travels Management System 1.0 SQL Injection
osCommerce 4 Cross Site Scripting
ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path
Doctor Appointment Management System 1.0 Cross Site Scripting

Last 20