CVE-2024-24725 | Gibbon up to 26.0.00 POST Request import_run.php&type=externalAssessment&step=4 columnOrder deserialization (Exploit 51903 / EDB-51903)

Posted by Angelo Barbosa | Mar 24, 2024 | CVE

A vulnerability was found in Gibbon up to 26.0.00. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file modules/System%20Admin/import_run.php&type=externalAssessment&step=4 of the component POST Request Handler. The manipulation of the argument columnOrder leads to deserialization.

This vulnerability is known as CVE-2024-24725. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-24725 | Gibbon up to 26.0.00 POST Request import_run.php&type=externalAssessment&step=4 columnOrder deserialization (Exploit 51903 / EDB-51903)

Related Posts

CVE-2023-41014 | code-projects Online Job Portal 1.0 Employer Username sql injection

CVE-2023-6941 | Keap Official Opt-in Forms Plugin up to 1.0.11 on WordPress Setting cross site scripting

CVE-2024-10168 | realmag777 Active Products Tables for WooCommerce Plugin up to 1.0.6.4 on WordPress Shortcode woot_button cross site scripting

CVE-2024-9693 | GitLab Community Edition/Enterprise Edition up to 17.3.6/17.4.3/17.5.1 authorization (Issue 497449)