Our #usdHeroLab #Pentest professionals analyzed #GibbonEdu during their pentests.
1⃣Vulnerability Type: Arbitrary File Write (unrestricted file upload, #CWE434)
🚨 Security Risk: Critical
🔎CVE number: CVE-2023-45878
🧵👇 More Details
🧐 Gibbon Edu is an #opensource educational software designed for #schools and #institutions to manage their administrative and academic processes. It offers a range of features to facilitate communication, collaboration, and organization within the educational community.
The identified vulnerability allowed unauthenticated attackers to upload arbitrary files to the application and achieve code execution on the underlying system. To get #RCE an attacker crafts a fake image whose content is PHP code and gets it stored with a .php extension in a web-accessible directory; the web server then executes it on the next request.
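As an added illustration (not Gibbon's code and not from the usd HeroLab advisory): the class of bug the thread describes, an unauthenticated handler that writes a base64 "image" to a caller-chosen path, next to a hardened handler that requires authentication, lets the server pick name and extension, checks path containment and re-encodes the pixels so a PHP payload hidden in the image cannot reach disk. Function names, parameter names and the $isAuthenticated flag are hypothetical; ext-gd is assumed.

```php
<?php
declare(strict_types=1);
// Added illustrative example; not Gibbon's code. Function names, parameter
// names and the $isAuthenticated flag are hypothetical. Requires ext-gd.

// Vulnerable pattern: no auth, caller picks the path (and so the extension),
// decoded bytes are written verbatim.
function saveImageInsecure(string $base64Img, string $relPath, string $webRoot): string
{
    $dest = $webRoot . '/' . $relPath;          // "../" and ".php" both accepted
    file_put_contents($dest, base64_decode($base64Img));
    return $dest;
}

// Hardened version.
function saveImageSecure(bool $isAuthenticated, string $base64Img, string $uploadDir): string
{
    if (!$isAuthenticated) {
        throw new RuntimeException('authentication required');
    }
    $bytes = base64_decode($base64Img, true);   // strict mode: reject non-base64
    if ($bytes === false || $bytes === '' || strlen($bytes) > 5 * 1024 * 1024) {
        throw new RuntimeException('invalid or oversized upload');
    }
    $im = @imagecreatefromstring($bytes);       // GD must be able to parse it
    if ($im === false) {
        throw new RuntimeException('not a valid image');
    }
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory missing');
    }
    // Server chooses name and extension; client input never reaches the path.
    $dest = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.png';
    if (realpath(dirname($dest)) !== $base) {
        throw new RuntimeException('path escapes upload directory');
    }
    // Re-encode from pixel data instead of writing the received bytes, so PHP
    // hidden in a comment chunk or after the image trailer is dropped.
    if (!imagepng($im, $dest)) {
        throw new RuntimeException('write failed');
    }
    imagedestroy($im);
    return $dest;
}

// Self-check with a constructed polyglot: a real 1x1 PNG followed by PHP code.
$tmp = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($tmp, 0700);
$px = imagecreatetruecolor(1, 1);
ob_start();
imagepng($px);                                   // no filename: writes to output buffer
$polyglot = ob_get_clean() . '<?php system($_GET["c"]); ?>';
imagedestroy($px);
$b64 = base64_encode($polyglot);

// Insecure path: the payload lands on disk under an attacker-chosen .php name.
$bad = saveImageInsecure($b64, 'shell.php', $tmp);
echo "insecure: ", (strpos(file_get_contents($bad), '<?php') !== false ? 'PHP payload stored' : 'clean'), " at $bad\n";

// Secure path: the unauthenticated call is refused; the authenticated call
// either rejects the bytes or stores a re-encoded .png without the payload.
try {
    saveImageSecure(false, $b64, $tmp);
} catch (RuntimeException $e) {
    echo "secure, no auth: ", $e->getMessage(), "\n";
}
try {
    $good = saveImageSecure(true, $b64, $tmp);
    echo "secure, auth: ", (strpos(file_get_contents($good), '<?php') !== false ? 'PHP payload stored' : 'clean'), " at $good\n";
} catch (RuntimeException $e) {
    echo "secure, auth: rejected (", $e->getMessage(), ")\n";
}
```

Run it with `php upload_demo.php`. The point of the hardened handler is that none of the three ingredients of the thread's RCE survive: the endpoint is no longer reachable without a session, the client no longer controls where or under what extension the bytes land, and the bytes that reach disk are a fresh PNG encoding rather than the attacker's buffer. Storing uploads outside the web root, or in a directory the web server is configured not to execute scripts from, is the additional layer worth adding regardless.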
The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 🧑‍💻👩‍💻👇
https://herolab.usd.de/security-advisories/usd-2023-0025/