High severity7.2NVD Advisory· Published Nov 14, 2023· Updated Jun 17, 2026
CVE-2023-45880
CVE-2023-45880
Description
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- herolab.usd.de/security-advisories/usd-2023-0022/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.