Description
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot.
Remediation
References
Related Vulnerabilities
PmWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4453)
MySQL CVE-2016-3440 Vulnerability (CVE-2016-3440)
WordPress Plugin AI ChatBot SQL Injection (4.8.9)
Oracle Database Server CVE-2011-0881 Vulnerability (CVE-2011-0881)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)