PT-2026-39317 · Gibbon · Gibbon

Nikolai Makaroff · Published 2026-05-09 · Updated 2026-05-11 · CVE-2026-8207

CVSS v4.0: 7.0 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Gibbon versions prior to 30.0.01

Description

An authenticated SQL Injection exists in the Tracking/graphing feature. Users with Teacher or higher privileges can abuse this functionality to perform unintended read and write activities on the underlying database. The issue is located in the 'graphing.php' file.

Recommendations

Update to version 30.0.01 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-8207

Affected Products

Gibbon