CVE-2023-45878: Critical Vulnerability in GibbonEdu Allows Remote Code Execution

by ·

GibbonEdu is an open-source educational software used by schools and institutions worldwide. A critical vulnerability tracked as CVE-2023-45878 carries a CVSS score of 9.8 and affects GibbonEdu versions 25.0.1 and earlier. This vulnerability allows remote code execution (RCE), enabling attackers to take control of affected systems.

CVE-2023-45878

Vulnerability Overview

The vulnerability lies in the rubrics_visualise_saveAjax.php file, which lacks proper authentication. This allows an attacker to upload arbitrary files, including PHP files, to the server. Once uploaded, these PHP files can be executed, granting the attacker complete control over the affected system.

Impact

The impact of this vulnerability is severe. An attacker can exploit this vulnerability to:

  • Take complete control of the affected system
  • Install malware
  • Steal sensitive data
  • Disrupt school operations

Mitigation

Users are strongly advised to update to GibbonEdu version 26.0.0 or later immediately. This update patches the vulnerability and prevents unauthorized file uploads. Additionally, schools should implement additional security measures, such as firewalls and intrusion detection systems, to further protect their systems.

Technical Details

The CVE-2023-45878 vulnerability is caused by the lack of proper input validation in the rubrics_visualise_saveAjax.php file. The file accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to contain a base64-encoded image. However, if the path parameter is set, the file is written to the specified location. This allows an attacker to upload a PHP file and execute it on the server.

Proof-of-Concept

Christian Poeschl of usd AG has published a proof-of-concept exploit for this vulnerability. The exploit demonstrates how an attacker can upload a PHP file to the server and execute arbitrary code.

Recommendations

  • Update to GibbonEdu version 25.0.2 or later immediately.
  • Implement additional security measures, such as firewalls and intrusion detection systems.
  • Ensure that only valid file types can be uploaded.

Tags: