Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-34598: GitHub - maddsec/CVE-2023-34598: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation fold

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it’s possible to include the content of several files present in the installation folder in the server’s response.

CVE
Open in Source
#vulnerability#git#php

Gibbon v25.0.0 - Local File Inclusion - CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it’s possible to include the content of several files present in the installation folder in the server’s response.

Proof of Concept

In order to exploit the vulnerability, an attacker would need to manipulate the “q” parameter to query a local file. This manipulation would cause the file to be included in the server’s response. However, it’s important to note that this exploit is only effective for files located within the installation folder and under specific conditions, which exclude PHP files, for instance.

http://gibbon.local/q=./file

Vendor information:

Name: Gibbon URL: https://gibbonedu.org Github repo: https://github.com/GibbonEdu/core

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE