exploitDog

CVE-2024-24724

Опубликовано: 03 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.

Ссылки

https://gibbonedu.org/download/
Product
https://packetstormsecurity.com/files/177857
Exploit
https://gibbonedu.org/download/
Product
https://packetstormsecurity.com/files/177857
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gibbonedu:gibbon:*:*:*:*:*:*:*:*

Версия до 26.0.00 (включая)

EPSS

Процентиль: 97%

0.39236

Средний

9.8 Critical

CVSS3

Дефекты

CWE-1336

Связанные уязвимости

GHSA-8qpg-h99j-c4j3

CVSS3: 9.8

github

почти 2 года назад

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.

EPSS

Процентиль: 97%

0.39236

Средний

9.8 Critical

CVSS3

Дефекты

CWE-1336