Lucene search

[email protected]NVD:CVE-2023-45878

HistoryNov 14, 2023 - 6:15 a.m.

CVE-2023-45878

2023-11-1406:15:29

[email protected]

web.nvd.nist.gov

arbitrary file write

authentication bypass

remote code execution

cve-2023-45878

gibbonedu

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.5%

JSON

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated).

Affected configurations

Nvd

Node

gibbonedugibbonRange≤25.0.01

VendorProductVersionCPE
gibbonedugibbon*cpe:2.3:a:gibbonedu:gibbon:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gibbonedu	gibbon	*	cpe:2.3:a:gibbonedu:gibbon::::::::

References

herolab.usd.de/security-advisories/usd-2023-0025/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.5%

JSON

Related for NVD:CVE-2023-45878

prion1 cvelist1 osv1 cve1