CVE-2023-45878 Scanner

CVE-2023-45878 Scanner - Arbitrary File Upload to Remote Code Execution (RCE) vulnerability in Gibbon LMS

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 8 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Gibbon LMS is a widely used learning management system designed to support educational institutions in managing courses, assessments, and student progress. It provides a user-friendly platform for teachers, students, and administrators. The system supports a variety of learning tools such as gradebooks, attendance records, and lesson plans. Gibbon LMS allows customization and integration with other educational tools. Its flexible architecture makes it suitable for schools, colleges, and training centers. The system is open-source, and it offers a range of features to create an interactive and efficient learning environment.

The vulnerability in Gibbon LMS stems from insufficient validation in the 'rubrics_visualise_saveAjax.php' endpoint, which handles file uploads. Because input is not properly sanitized, attackers can upload arbitrary PHP files without authentication. Once uploaded, these files can be executed remotely on the server, leading to Remote Code Execution (RCE). The flaw is all the more critical because it requires no authentication: any unauthenticated attacker can exploit it. The vulnerability affects all versions of Gibbon LMS up to and including version 25.0.1.

The vulnerability is triggered when an attacker sends a crafted POST request to the 'rubrics_visualise_saveAjax.php' endpoint. The request contains a specially crafted 'img' parameter that bypasses the file type restrictions and allows the upload of a PHP file. The uploaded file is stored with a '.php' extension, and the attacker can trigger it by sending a GET request to the server. This executes arbitrary PHP code on the server, allowing the attacker to take control of it and carry out malicious actions. The endpoint does not enforce proper authentication, which makes this attack vector easily exploitable.
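For defenders reviewing web server logs, the POST-then-GET sequence described above can be hunted for as shown in this added example, which is not part of the original page or the scanner. It assumes an Apache/nginx "combined" access log in time order, a 10-minute correlation window, and a "first time this .php path appears in the log" heuristic; the sample lines, IP addresses and directory names are constructed.

```python
import re
from datetime import datetime, timedelta

ENDPOINT = "rubrics_visualise_saveAjax.php"  # endpoint named in the text above
WINDOW = timedelta(minutes=10)               # assumption: correlation window

# Assumption: Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Nov/2023:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Nov/2023:10:02:10 +0000] "POST /lms/' + ENDPOINT + ' HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.44 - - [12/Nov/2023:10:02:15 +0000] "GET /lms/example_upload.php HTTP/1.1" 200 30 "-" "-"',
    '192.0.2.44 - - [12/Nov/2023:10:02:20 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

def parse(line):
    """Return (ip, time, method, path without query, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])

def find_suspect_sequences(lines):
    """Flag a successful POST to ENDPOINT followed, from the same client and
    within WINDOW, by a 200 GET of a .php path not seen earlier in the log."""
    seen_paths, recent_posts, hits = set(), {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = rec
        first_seen = path not in seen_paths
        seen_paths.add(path)
        if method == "POST" and path.endswith("/" + ENDPOINT) and status < 400:
            recent_posts[ip] = ts
        elif (method == "GET" and path.lower().endswith(".php") and status == 200
              and first_seen and ip in recent_posts
              and timedelta(0) <= ts - recent_posts[ip] <= WINDOW):
            hits.append((ip, recent_posts[ip].isoformat(), path))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sequences(SAMPLE_LOG):
        print("suspect upload-and-execute sequence:", hit)
```

Since the page states the endpoint requires no authentication, any successful POST to it from an unexpected client is worth reviewing on its own, even without a matching GET.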

If exploited, this vulnerability can have catastrophic consequences for affected systems. The attacker could gain full control of the server, allowing them to execute arbitrary commands, steal sensitive data, modify configurations, or install malware. Given the critical nature of this flaw and the high CVSS score, the attack could lead to severe data breaches or system compromises. Furthermore, the attacker could use this access to escalate privileges or pivot within the network, potentially compromising other systems. It is crucial to patch this vulnerability as soon as possible to prevent unauthorized access.
