跳转到帖子

Gibbon School Platform Authenticated PHP Deserialization Vulnerability

recommended_posts

发布于
  • Members

Gibbon School Platform Authenticated PHP Deserialization Vulnerability

Disclosed
03/18/2024
Created
04/05/2024

Description

A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint `/modules/System%20Admin/import_run.php&type=externalAssessment&step=4`. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Author(s)

Platform

Linux,PHP,Unix,Windows

Architectures

php, cmd, x64, x86

Development

  • Source Code
  • History
  • 查看数 709
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…