cbcvebase.
CVE-2024-24725
published 2024-03-23


Priority: P2 · 74 · High
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 51.32% (98.8th percentile)
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

Affected (1 range)

Vendor: gibbonedu
Product: gibbon
Version range: <= 26.0.00
Fixed in: not listed

Detection & IOCs (extracted from sources)

URL: /modules/System%20Admin/import_run.php&type=externalAssessment&step=4
Path: /modules/System Admin/import_run.php
  • Monitor POST requests targeting the Gibbon import_run.php endpoint with query parameters type=externalAssessment and step=4, which is the specific attack vector for this PHP deserialization vulnerability.
  • Inspect the POST body for a `columnOrder` parameter containing serialized PHP payloads (e.g., strings beginning with 'O:', 'a:', 's:' typical of PHP serialization format), as this is the deserialization injection point.
  • Alert on authenticated sessions making POST requests to the System Admin import module with step=4, as exploitation requires authentication but can lead to full RCE, data exfiltration, or unauthorized access.
  • Exploitation requires prior authentication; unauthenticated users cannot trigger this deserialization vulnerability. Detection rules should account for valid session tokens accompanying the malicious POST request.
  • Affected versions are Gibbon 26.0.00 and below. Ensure detection scope is limited to environments running these versions, as patched versions may not be vulnerable.
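As an added illustration of the detection guidance above (not code from this advisory or from the Gibbon project), the following Python applies those checks to a few constructed request records: it matches the import_run.php endpoint with type=externalAssessment and step=4 in either the `?type=` or the `&type=` spelling, then looks for PHP serialization markers in the `columnOrder` body field. The record layout, the PHPSESSID cookie and the sample bodies are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample request records (not real traffic).
SAMPLE_REQUESTS = [
    {"method": "POST", "cookie": "PHPSESSID=constructed-session",
     "uri": "/modules/System%20Admin/import_run.php?type=externalAssessment&step=4",
     "body": "columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"},          # O:8:"stdClass":0:{}
    {"method": "POST", "cookie": "PHPSESSID=constructed-session",
     "uri": "/modules/System%20Admin/import_run.php?type=externalAssessment&step=4",
     "body": "columnOrder=a%3A1%3A%7Bi%3A0%3Bs%3A4%3A%22name%22%3B%7D"},  # a:1:{i:0;s:4:"name";}
    {"method": "POST", "cookie": "PHPSESSID=constructed-session",
     "uri": "/modules/System%20Admin/import_run.php?type=externalAssessment&step=2",
     "body": "columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"},          # wrong step: ignored
    {"method": "GET", "cookie": "",
     "uri": "/modules/System%20Admin/import_run.php?type=externalAssessment&step=4",
     "body": ""},                                                          # not a POST: ignored
]

TARGET_PATH = "/modules/System Admin/import_run.php"
# Markers named in the guidance: O: (object), a: (array), s: (string), each followed by a length.
PHP_SERIAL = re.compile(r'^\s*(?P<tag>[Oas]):\d+:')

def split_uri(uri):
    """Return (decoded path, query dict); tolerates the '.php&type=' form used in the advisory."""
    parts = urlsplit(uri)
    path, query = parts.path, parts.query
    if not query and "&" in path:
        path, query = path.split("&", 1)
    return unquote(path), parse_qs(query)

def is_target_endpoint(uri):
    path, params = split_uri(uri)
    return (path == TARGET_PATH
            and params.get("type") == ["externalAssessment"]
            and params.get("step") == ["4"])

def classify(req):
    """Return a finding dict for a suspicious record, or None."""
    if req["method"] != "POST" or not is_target_endpoint(req["uri"]):
        return None
    fields = parse_qs(req["body"], keep_blank_values=True)  # percent-decodes values
    tags = {m.group("tag") for v in fields.get("columnOrder", [])
            if (m := PHP_SERIAL.match(v))}
    if not tags:
        return None
    # Only an O: marker makes unserialize() instantiate a class (and run its magic methods),
    # so object payloads rank above bare arrays or strings.
    severity = "high" if "O" in tags else "medium"
    return {"severity": severity, "markers": sorted(tags),
            "session_cookie_present": bool(req["cookie"])}

def scan(requests):
    return [f for f in map(classify, requests) if f]
```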