cbcvebase.
CVE-2023-34598
published 2023-06-29

CVE-2023-34598: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in…

PriorityP185critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
47.24%
98.7th percentile
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.

Affected

1 ranges
VendorProductVersion rangeFixed in
gibbonedugibbon

Detection & IOCsextracted from sources · hover to see the quote

path/?q=./gibbon.sql
path/gibbon.sql
  • HTTP GET request to /?q=./gibbon.sql; a 200 response containing both 'phpMyAdmin SQL Dump' and 'gibbon' in the body confirms successful LFI exploitation of the gibbon.sql installation file.
  • Identify exposed Gibbon installations via Shodan favicon hash -165631681 or FOFA icon_hash -165631681 to find potentially vulnerable targets.
  • Response body keyword match: presence of 'phpMyAdmin SQL Dump' AND 'gibbon' in the HTTP response body indicates the SQL dump file was successfully included and returned.
  • ·The vulnerability affects specifically Gibbon v25.0.0; the LFI is triggered via the 'q' query parameter pointing to files within the installation folder.
  • ·The template targets gibbon.sql specifically, but the vulnerability description states 'several files' in the installation folder are includable — additional paths beyond gibbon.sql may be exploitable.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.