CVE-2023-45878 is a critical security vulnerability affecting GibbonEdu Gibbon version 25.0.1 and earlier. This vulnerability allows arbitrary file write due to the lack of authentication on the rubrics_visualise_saveAjax.phps endpoint. Attackers can exploit this flaw to upload malicious files, potentially leading to remote code execution without authentication. The severity of this vulnerability is underscored by its CVSS score of 9.8, indicating a critical risk to organizations using the affected software.
The vulnerability was published on November 14, 2023, and organizations should prioritize patching immediately. The attack vector for this vulnerability is network-based with low complexity, meaning that it can be exploited easily and does not require elevated privileges or user interaction. This significantly increases the risk for organizations that have not yet addressed the vulnerability.
Risks to organizations include unauthorized access to sensitive data and potential full system compromise, making immediate remediation essential. The lack of known public exploits at this time does not diminish the urgency for organizations to act, as the vulnerability's characteristics suggest it could be weaponized quickly.
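While patching is scheduled, web server access logs can be checked for requests to the affected endpoint. The following is an added example, not part of the original advisory or of Gibbon's code: it assumes Apache/Nginx Combined Log Format, matches on the file name stem given above, and runs over constructed sample lines in which the directory and the follow-up file name are placeholders.

```python
import re

# File name stem from the advisory text; matching the stem covers any extension.
ENDPOINT = "rubrics_visualise_saveajax"

# Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation IP ranges, placeholder paths).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Nov/2023:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Nov/2023:10:02:11 +0000] "POST /PLACEHOLDER_DIR/rubrics_visualise_saveAjax.php HTTP/1.1" 200 12 "-" "curl/8.1"
203.0.113.9 - - [15/Nov/2023:10:02:15 +0000] "GET /example_dropped.php HTTP/1.1" 200 40 "-" "curl/8.1"
198.51.100.7 - - [15/Nov/2023:10:03:00 +0000] "GET /index.php?q=planner.php HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
this line is not in combined log format
"""

def triage(log_text):
    """Return (hits, follow_ups) as lists of (timestamp, ip, path, status).

    hits: POST requests to the affected endpoint.
    follow_ups: later requests from a client that already POSTed to the
    endpoint, for a .php path nobody had requested before. These deserve a
    look at the file on disk, since the flaw is an arbitrary file write.
    """
    seen_paths, posters = set(), set()
    hits, follow_ups = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        path = m["uri"].split("?", 1)[0]
        record = (m["ts"], m["ip"], path, int(m["status"]))
        if ENDPOINT in path.lower():
            if m["method"] == "POST":
                hits.append(record)
                posters.add(m["ip"])
        elif (m["ip"] in posters and path.lower().endswith(".php")
              and path not in seen_paths):
            follow_ups.append(record)
        seen_paths.add(path)
    return hits, follow_ups

if __name__ == "__main__":
    for label, rows in zip(("endpoint POST", "follow-up"), triage(SAMPLE_LOG)):
        for row in rows:
            print(label, *row)
```

A hit does not prove compromise, and an empty result does not prove safety if logs have rotated; any hit should be followed by a review of recently created files under the web root.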
