CVE-2023-45878 PoC — Gibbon 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-45878.yaml

Associated Vulnerability

Title:Gibbon 安全漏洞 (CVE-2023-45878)
Description:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 GibbonEdu Gibbon 25.0.1版本存在安全漏洞，该漏洞源于允许未经身份验证的攻击者将任意文件上传到应用程序，并在底层系统上执行代码。

Description

Gibbon LMS versions 25.0.1 and earlier are vulnerable to an Arbitrary File Upload that can lead to Remote Code Execution (RCE). The issue stems from the rubrics_visualise_saveAjax.php endpoint, which, notably, does not require authentication. Because of this, unauthenticated attackers could potentially upload malicious PHP files and execute arbitrary code on the server.

File Snapshot


 id: CVE-2023-45878

info:
  name: Gibbon LMS <= v25.0.01 - File Upload to RCE
  author: ajdumanhug
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!