# N/A
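## Vulnerability overview
GibbonEdu Gibbon 25.0.1 and earlier contain an arbitrary file write vulnerability because `rubrics_visualise_saveAjax.php` does not require authentication. An attacker can use it to create a PHP file and thereby execute code remotely.
## Affected versions
- GibbonEdu Gibbon 25.0.1 and earlier
## Vulnerability details
- The vulnerability is in the file `rubrics_visualise_saveAjax.php`.
- The file accepts the `img`, `path` and `gibbonPersonID` parameters.
- The `img` parameter is expected to be a Base64-encoded image.
- If the `path` parameter is set, the path it defines is used as the destination folder.
- The content of the `img` parameter is Base64-decoded and written to the defined file path.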
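
The checks missing from the flow described above, as an added Python example (not Gibbon's code and not from the original page). The function name `assess_save_request`, the PNG-only allowlist, the handling of an optional data-URI prefix in `img`, and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
import posixpath

# Assumption: rubric visualisations are PNG files; the page only says "image".
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
ALLOWED_EXT = {".png"}

def assess_save_request(params, authenticated):
    """Return the reasons a request to rubrics_visualise_saveAjax.php
    should be rejected (empty list = acceptable)."""
    reasons = []
    if not authenticated:
        reasons.append("no authenticated session")
    path = params.get("path", "")
    if path:
        norm = path.replace("\\", "/")
        ext = posixpath.splitext(norm)[1].lower()
        if ext not in ALLOWED_EXT:
            reasons.append(f"path extension {ext or '(none)'} is not an image type")
        # Absolute paths, drive letters and ".." segments leave the upload folder.
        if norm.startswith("/") or ":" in norm or ".." in norm.split("/"):
            reasons.append("path escapes the upload folder")
    # Assumption: img may carry a "data:image/png;base64," prefix before the payload.
    payload = params.get("img", "").rsplit(",", 1)[-1]
    try:
        data = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError):
        reasons.append("img is not valid Base64")
    else:
        if not data.startswith(PNG_MAGIC):
            reasons.append("decoded img does not start with a PNG signature")
    return reasons

# Constructed sample requests (not captured traffic).
BENIGN = {
    "img": "data:image/png;base64,"
           + base64.b64encode(PNG_MAGIC + b"\x00" * 8).decode(),
    "gibbonPersonID": "0000000001",
}
SUSPICIOUS = {
    "img": base64.b64encode(b"constructed non-image bytes").decode(),
    "path": "example.php",
    "gibbonPersonID": "0000000001",
}

if __name__ == "__main__":
    print(assess_save_request(BENIGN, authenticated=True))
    print(assess_save_request(SUSPICIOUS, authenticated=False))
```
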
## Impact
- The vulnerability allows an unauthorized user to create a PHP file in a specified path, which may lead to remote code execution.
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | None | https://github.com/dgoorden/CVE-2023-45878 | POC details |
| 2 | CVE-2023-45878 poc for gibbon LMS on xampp windows | https://github.com/PaulDHaes/CVE-2023-45878-POC | POC details |
| 3 | CVE-2023-45878 GibbonEdu Arbitrary File Write | https://github.com/killercd/CVE-2023-45878 | POC details |
| 4 | CVE-2023-45878 easy exploit \| reverse shell | https://github.com/nrazv/CVE-2023-45878 | POC details |
| 5 | This script chains and automates Arbitrary File Write to RCE on Gibbon LMS through CVE-2023-45878 exploitation. | https://github.com/0xyy66/CVE-2023-45878_to_RCE | POC details |
| 6 | GibbonEdu Arbitrary File Write to Remote Code Execution | https://github.com/davidzzo23/CVE-2023-45878 | POC details |
| 7 | None | https://github.com/Can0I0Ever0Enter/CVE-2023-45878 | POC details |
| 8 | Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution (RCE). The issue stems from the rubrics_visualise_saveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potentially upload malicious PHP files and execute arbitrary code on the server. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-45878.yaml | POC details |
| 9 | PoC - Arbitrary File Write in Gibbon LMS for RCE (CVE-2023-45878) | https://github.com/ulricvbs/gibbonlms-filewrite_rce | POC details |
| 10 | This script chains and automates Arbitrary File Write to RCE on Gibbon LMS through CVE-2023-45878 exploitation. | https://github.com/byt3loss/CVE-2023-45878_to_RCE | POC details |