Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
GibbonEdu Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-45880 - Vulnerability Database
GibbonEdu

GibbonEdu Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-45880

High
Reference: CVE-2023-45880
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-45880
Title: GibbonEdu Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory directly in the webroot.