Description

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.

Remediation

References

CVE-2023-34598

Related Vulnerabilities

WordPress Plugin WHIZZ Cross-Site Scripting (1.0.7)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12157)

WordPress Plugin Advanced Contact form 7 DB Arbitrary File Upload (1.4.4)

Apache HTTP Server Other Vulnerability (CVE-2002-0654)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (3.4.7)

Severity

Critical

Classification

CVE-2023-34598 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities