Description
Gibbon through 26.0.00 is vulnerable to Server-Side Template Injection in /modules/School%20Admin/messengerSettings.php, leading to Remote Code Execution, because input is passed to the Twig template engine (messengerSettings.php) without sanitization.