Skip to content
/ CVE-2023-34598 Public

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maddsec/CVE-2023-34598

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

Gibbon v25.0.0 - Local File Inclusion - CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.

Proof of Concept

In order to exploit the vulnerability, an attacker would need to manipulate the "q" parameter to query a local file. This manipulation would cause the file to be included in the server's response. However, it's important to note that this exploit is only effective for files located within the installation folder and under specific conditions, which exclude PHP files, for instance.

http://gibbon.local/q=./file

image

image

Vendor information:

Name: Gibbon URL: https://gibbonedu.org Github repo: https://github.com/GibbonEdu/core

About

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published