Security Advisory

CVE-2026-8207

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-09 02:41:46

Last updated 2026-05-11 14:42:39

Assigner PRJBLK

State PUBLISHED

Description

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.

← Browse all CVEs View on cve.org ↗