CVE-2026-8207

Published: May 09, 2026 Last Modified: May 09, 2026
HIGH 7.0
Source: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

Gibbon versions before v30.0.01 are affected by an authenticated SQL injection vulnerability that can be triggered by abusing the Tracking/graphing feature (https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145). Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable
Common Consequences
Security Scopes Affected:
Confidentiality, Integrity, Availability, Authentication, Access Control
Potential Impacts:
Execute Unauthorized Code Or Commands, Read Application Data, Gain Privileges Or Assume Identity, Bypass Protection Mechanism, Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, SQL
Technologies: Database Server
https://github.com/GibbonEdu/core/releases/tag/v30.0.01
https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#sq…