Security Advisory

CVE-2023-45880

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-14 00:00:00
Last updated 2024-09-03 15:18:59
Assigner mitre
State PUBLISHED

Description

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.
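
The description comes down to a server-side destination path that is taken from the request without being confined to the uploads directory or to a safe extension. The check below is an added example, not Gibbon's code or its actual fix: the function name `resolveTemplateDestination`, the `html` allowlist and the demo directory are assumptions, and POSIX path separators are assumed.

```php
<?php
// Added example; hypothetical helper, not Gibbon's code. Assumes POSIX paths.
function resolveTemplateDestination(string $baseDir, string $userPath, array $allowedExt): string
{
    // Refuse empty input, NUL bytes, backslashes and absolute paths.
    if ($userPath === '' || $userPath[0] === '/'
        || strpos($userPath, "\0") !== false || strpos($userPath, '\\') !== false) {
        throw new InvalidArgumentException('invalid destination');
    }
    // Normalise lexically; refuse '..' instead of trying to resolve it.
    $parts = [];
    foreach (explode('/', $userPath) as $segment) {
        if ($segment === '' || $segment === '.') { continue; }
        if ($segment === '..') {
            throw new InvalidArgumentException('path traversal rejected');
        }
        $parts[] = $segment;
    }
    if ($parts === []) {
        throw new InvalidArgumentException('invalid destination');
    }
    // Allowlist the extension of the final segment (case-insensitive).
    $ext = strtolower(pathinfo(end($parts), PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('base directory missing');
    }
    $target = $base . '/' . implode('/', $parts);
    // If the parent already exists, resolve symlinks and re-check containment.
    $parent = realpath(dirname($target));
    if ($parent !== false && strncmp($parent . '/', $base . '/', strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('destination escapes base directory');
    }
    return $target;
}
// Constructed inputs and a throwaway base directory for the demonstration.
$base = sys_get_temp_dir() . '/uploads-demo';
is_dir($base) || mkdir($base);
foreach (['reports/header.html', '../index.php', 'a/../../x.php', 'x.php', '/tmp/x.html'] as $p) {
    try {
        echo "accept $p -> " . resolveTemplateDestination($base, $p, ['html']) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "reject $p (" . $e->getMessage() . ")\n";
    }
}
```

The extension allowlist matters as much as the containment check, because the advisory notes that both the pathname and the extension are attacker-controlled.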