PT-2026-39317 · Gibbon · Gibbon
Nikolai Makaroff
·
Published
2026-05-09
·
Updated
2026-05-11
·
CVE-2026-8207
CVSS v4.0
7.0
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Gibbon versions prior to 30.0.01
Description
An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the underlying database. The issue is located in the 'graphing.php' file.
Recommendations
Update to version 30.0.01 or later.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gibbon