CVE-2023-45878

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

92.5%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated).

Technical Details

Published
11/14/2023

Frequently Asked Questions

What is CVE-2023-45878?

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated).

Is CVE-2023-45878 actively exploited?

Active exploitation of CVE-2023-45878 has not been confirmed. The EPSS score is 92.5%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-45878?

CVE-2023-45878 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2023-45878 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.