Description
GibbonEdu Gibbon through version 25.0.0 allows directory traversal via the report template builder. When an attacker creates a new Asset Component, the templateFileDestination parameter can be set to an arbitrary pathname (including an arbitrary extension), so PHP files can be written outside of the uploads directory, directly in the webroot.
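As an added illustration from the defender's side (this is not Gibbon's code and not the project's fix), the PHP function below shows the kind of server-side check that keeps a user-supplied destination such as templateFileDestination confined to the uploads directory and away from executable extensions. The function name resolveTemplateDestination, the $uploadsDir base directory and the extension allowlist are assumptions for this example; the demonstration paths at the bottom are constructed.

```php
<?php
// Added example (not Gibbon's code): confine a user-supplied destination
// path to a base directory and an extension allowlist before writing.

/**
 * Resolve $userPath relative to $uploadsDir and return the absolute target
 * path only if it stays inside $uploadsDir, its parent directory exists,
 * and the file extension is on the allowlist. Returns null on any violation.
 * $allowedExt is an assumed allowlist; ".php" is deliberately never on it.
 */
function resolveTemplateDestination(string $uploadsDir, string $userPath, array $allowedExt = ['twig', 'html']): ?string
{
    // Canonicalise the base directory; it must already exist.
    $base = realpath($uploadsDir);
    if ($base === false) {
        return null;
    }

    // Reject empty input, NUL bytes (they truncate paths in C-level
    // filesystem calls) and any absolute path: destinations must be relative.
    if ($userPath === ''
        || strpos($userPath, "\0") !== false
        || $userPath[0] === '/'
        || $userPath[0] === '\\'
        || preg_match('/^[A-Za-z]:/', $userPath)) {
        return null;
    }

    // Walk the components and refuse '.' and '..' outright rather than trying
    // to normalise them; also restrict each component to a conservative charset.
    $parts = preg_split('#[/\\\\]+#', $userPath);
    foreach ($parts as $part) {
        if ($part === '' || $part === '.' || $part === '..'
            || !preg_match('/^[A-Za-z0-9._-]+$/', $part)) {
            return null;
        }
    }

    // Extension allowlist on the final component (case-insensitive).
    $fileName = end($parts);
    $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }

    // The target file may not exist yet, so canonicalise its parent directory
    // and re-check containment with realpath; this also catches symlinks
    // inside the uploads directory that point elsewhere.
    $candidate  = $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts);
    $realParent = realpath(dirname($candidate));
    if ($realParent === false
        || strncmp($realParent . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return $realParent . DIRECTORY_SEPARATOR . $fileName;
}

// Constructed demonstration with a throw-away uploads directory.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . uniqid();
mkdir($tmp . DIRECTORY_SEPARATOR . 'reports', 0750, true);

var_dump(resolveTemplateDestination($tmp, 'reports/letter.twig'));  // accepted: inside base, allowed extension
var_dump(resolveTemplateDestination($tmp, '../../index.php'));      // rejected: '..' component
var_dump(resolveTemplateDestination($tmp, 'reports/page.php'));     // rejected: extension not on allowlist
var_dump(resolveTemplateDestination($tmp, '/var/www/html/x.twig')); // rejected: absolute path
var_dump(resolveTemplateDestination($tmp, 'missing/x.twig'));       // rejected: parent directory does not exist

rmdir($tmp . DIRECTORY_SEPARATOR . 'reports');
rmdir($tmp);
```

The design point is that the check is applied to the resolved path, not the raw string: component-level rejection of ".." stops textual traversal, the extension allowlist stops writing executable files regardless of location, and the realpath containment test covers the cases string matching cannot see (symlinks, platform-specific separators). A production handler would additionally decide what to do when the target file already exists.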
Remediation
References
Related Vulnerabilities
MySQL CVE-2023-22092 Vulnerability (CVE-2023-22092)
Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2026-44574)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)
WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)