CVE-2026-8209

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

Attack Vector: network

Attack Complexity: high

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

Relative Path Traversal

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific, Web Based

View CWE Details

https://github.com/GibbonEdu/core/releases/tag/v30.0.01

https://projectblack.io/blog/gibbon-v30-authenticated-sql-i…

https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#de…

CVE-2026-8209

Description

Relative Path Traversal

Common Consequences

Applicable Platforms

Iscriviti alla newsletter