CVE-2023-45878 Scanner

CVE-2023-45878 Scanner - Remote Code Execution (RCE) vulnerability in Gibbon LMS

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

10 days 8 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The Gibbon LMS software is utilized by educational institutions worldwide as a comprehensive learning management system. Developed by the GibbonEdu community, it aims to facilitate efficient teaching and learning by providing various tools and features. The software is open-source, allowing users to customize it according to their school's needs, and is widely adopted for managing academic schedules, sharing resources, and tracking student progress. Its user-friendly interface and extensive functionality have made it popular among educators and administrators. The vulnerability in question was identified in Gibbon LMS versions 25.0.1 and earlier. The software typically operates within web environments hosted on school servers, making securing these environments crucial.

The detected vulnerability in Gibbon LMS involves an arbitrary file upload leading to Remote Code Execution (RCE). This issue arises from the 'rubrics_visualise_saveAjax.php' endpoint in the software, which lacks adequate authentication checks. Unauthenticated attackers can leverage this flaw to upload malicious PHP files onto the server, potentially executing arbitrary code. The critical nature of this vulnerability lies in its ability to allow attackers complete control over the compromised system. If exploited, the vulnerability poses significant threats to data security and system integrity. Immediate attention and remediation are necessary to mitigate potential risks. Fixes and upgrades have been released to address this vulnerability in subsequent software versions.

The vulnerability's technical details highlight the exploitation process through the 'rubrics_visualise_saveAjax.php' endpoint. The attack vector involves sending specially crafted POST requests to the server, which include parameters like 'img' and 'path', allowing the upload of a PHP script. Upon upload, the script can be executed via further requests, potentially executing commands on the server. This injection of PHP code is critical since it permits the execution of almost any command in the server context. The vulnerability resides in the application's flawed handling of user inputs and lack of authentication checks at critical points. As a result, it is essential to secure these endpoints to prevent unauthorized code execution.

Exploiting this vulnerability could lead to severe consequences, including unauthorized access to sensitive data stored within the Gibbon LMS. Malicious actors could execute arbitrary commands, potentially disrupting the educational activities managed through the software. Additionally, attackers might use compromised systems as vectors to launch further attacks within a network. The potential impact extends to data breaches, loss of educational material, and undermined trust in the LMS's security. As the LMS often contains personal information about students and staff, exploitation could also result in privacy violations. Implementing robust security measures and timely patching are crucial to counter such risks.

REFERENCES

Get started to protecting your digital assets