CVE-2024-24724
published 2024-04-03

Priority: P1 (78)
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: yes
EPSS: 26.09% (97.7th percentile)

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.

Affected (1 range)

Vendor: gibbonedu
Product: gibbon
Version range: <= 26.0.00
Fixed in: (not given)

Detection & IOCs (extracted from sources)

  • Exploitation requires valid authenticated credentials; the exploit performs a login step first and uses the resulting session cookie for the SSTI injection. Detections based solely on the injection endpoint may miss unauthenticated probing attempts but should still fire on authenticated abuse.
  • The vulnerability exists in the `signatureTemplate` field which is stored and later rendered by the Twig engine; the payload is injected via POST but triggered on a subsequent GET request, meaning a single-request detection may not capture the full attack chain.
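The two notes above describe a two-request chain tied to a session: a POST that stores Twig syntax in `signatureTemplate`, then a GET that renders it. The following added example (not from the page or from Gibbon) shows a session-keyed correlation rule that reports the stored injection, the completed chain, and the unauthenticated probe case separately. The event field names and the sample events are constructed assumptions; the page does not say which page performs the render, so any later GET in the same session is treated as the trigger.

```python
import re
from urllib.parse import unquote

# Endpoint and parameter named in the advisory; markers for Twig tag/print syntax.
TARGET_PATH = "/modules/School Admin/messengerSettings.php"
TWIG_MARKER = re.compile(r"\{\{|\{%")

# Constructed sample events (assumed field names, not real logs):
# one authenticated POST+GET chain and one POST with no session cookie.
SAMPLE_EVENTS = [
    {"ts": 1, "method": "POST", "path": "/modules/School%20Admin/messengerSettings.php",
     "session": "sess-A", "params": {"signatureTemplate": "{{ test }}"}},
    {"ts": 2, "method": "GET", "path": "/modules/School%20Admin/messengerSettings.php",
     "session": "sess-A", "params": {}},
    {"ts": 3, "method": "POST", "path": "/modules/School%20Admin/messengerSettings.php",
     "session": None, "params": {"signatureTemplate": "{% test %}"}},
]


def correlate(events):
    """Walk events in time order; return {session: stage} findings.

    Stages: 'unauthenticated_probe' (Twig syntax posted without a session),
    'stored_injection' (authenticated POST stored Twig syntax, render not yet seen),
    'chain_complete' (a later GET from the same session followed the stored POST).
    """
    findings = {}
    pending = set()  # sessions whose stored template has not been rendered yet
    for ev in sorted(events, key=lambda e: e["ts"]):
        sid = ev.get("session")
        if ev["method"] == "POST":
            # Only the advisory's endpoint matters; decode %20 before comparing.
            if unquote(ev["path"]) != TARGET_PATH:
                continue
            template = ev.get("params", {}).get("signatureTemplate", "")
            if not TWIG_MARKER.search(template):
                continue
            if sid is None:
                findings["<no-session>"] = "unauthenticated_probe"
            else:
                findings[sid] = "stored_injection"
                pending.add(sid)
        elif ev["method"] == "GET" and sid in pending:
            findings[sid] = "chain_complete"  # stored template now rendered
            pending.discard(sid)
    return findings
```

Running `correlate(SAMPLE_EVENTS)` reports the authenticated session as a completed chain and the session-less POST as a probe, which is the split the notes say a single-request rule would miss.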