What is CVE-2023-45878?

CVE-2023-45878 is a vulnerability in N/a. Published 2023-11-14.

Is CVE-2023-45878 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expecte…

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Can0I0Ever0Enter/CVE-2023-45878
davidzzo23/CVE-2023-45878
killercd/CVE-2023-45878
byt3loss/CVE-2023-45878_to_RCE
PaulDHaes/CVE-2023-45878-POC
ulricvbs/gibbonlms-filewrite_rce
nrazv/CVE-2023-45878
dgoorden/CVE-2023-45878
fcoomans/HTB-machines
jrbH4CK/GibbonLMS-FileWrite-RCE

References

herolab.usd.de/security-advisories/usd-2023-0025/

Frequently asked questions

What is CVE-2023-45878?: CVE-2023-45878 is a vulnerability in N/a. Published 2023-11-14.
Is CVE-2023-45878 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.