Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
GibbonEdu Improper Neutralization of Special Elements Used in a Template Engine Vulnerability - CVE-2024-24724 - Vulnerability Database
GibbonEdu

GibbonEdu Improper Neutralization of Special Elements Used in a Template Engine Vulnerability - CVE-2024-24724

Critical
Reference: CVE-2024-24724
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-24724
Title: GibbonEdu Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
Overview:

Gibbon through 26.0.00 allows /modules/School20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.