what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Fikrat Guliev

Gibbon School Platform 26.0.00 Remote Code Execution

Posted Apr 5, 2024

Authored by h00die-gr3y, Islam Rzayev, Fikrat Guliev, Ali Maharramli | Site metasploit.com

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

tags | exploit, remote, arbitrary, php, code execution

advisories | CVE-2024-24725

SHA-256 | 2d1220fa63bd54538247325712a8d4f836dcc60733d8cebe63cd721eb6755ba9

Download | Favorite | View

Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution

Posted Apr 1, 2024

Authored by Islam Rzayev, Fikrat Guliev, Ali Maharramli

Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution.

tags | exploit, remote, code execution

advisories | CVE-2024-24724

SHA-256 | 1b3c7352aa031d230c3c80c612cd9d93b73f2fc15a2b82894af48bf0b12e4b63

Download | Favorite | View

Gibbon LMS 26.0.00 PHP Deserialization / Code Execution

Posted Mar 19, 2024

Authored by Islam Rzayev, Fikrat, Fikrat Guliev, Ali Maharramli

Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.

tags | exploit, remote, php, code execution

advisories | CVE-2024-24725

SHA-256 | 59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227

Download | Favorite | View