all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Gibbon School Platform 26.0.00 Remote Code Execution

Add to bookmarks
April 5, 2024, 5:58 p.m. |

Packet Storm packetstormsecurity.com

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

adversaries amp attacks code code execution deserialization endpoint exploit flaw modules php platform remote code remote code execution request school system version vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Packet Storm New Exploits For April, 2024 8 hours ago | packetstormsecurity.com
april archive exploits packet +2
Ubuntu Security Notice USN-6760-1 9 hours ago | packetstormsecurity.com
attacker data denial of service file +11
Kernel Live Patch Security Notice LSN-0103-1 9 hours ago | packetstormsecurity.com
attacker con data expose +20
Microsoft PlayReady Cryptography Weakness 9 hours ago | packetstormsecurity.com
attack beyond cryptography extraction +15
Online Tours And Travels Management System 1.0 SQL Injection 9 hours ago | packetstormsecurity.com
injection management management system sql +6
Qantas App Glitch Sees Boarding Passes Fly To Other Accounts 9 hours ago | packetstormsecurity.com
accounts app data loss flaw +4
Adobe Adds Content Credentials And Firefly To Bug Bounty Program 9 hours ago | packetstormsecurity.com
adobe bounty bug bug bounty +5
Google Boosts Bug Bounty Payouts Tenfold In Mobile App Security Push 9 hours ago | packetstormsecurity.com
app bounty bug bug bounty +6
London Drugs Pharmacy Closes All Stores To Respond To Cyber Incident 9 hours ago | packetstormsecurity.com
britain cyber cyber incident data loss +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs