CVE-2024-24725
Published: 2024-03-23
Priority: P2 · 74
Severity: high · CVSS 3.1 base score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Tags: EXPLOIT
EPSS: 51.32% (98.8th percentile)
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gibbonedu | gibbon | <= 26.0.00 | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests targeting the Gibbon import_run.php endpoint with query parameters type=externalAssessment and step=4, which is the specific attack vector for this PHP deserialization vulnerability.
- Inspect the POST body for a `columnOrder` parameter containing serialized PHP payloads (e.g., strings beginning with `O:`, `a:`, `s:`, typical of the PHP serialization format), as this is the deserialization injection point.
- Alert on authenticated sessions making POST requests to the System Admin import module with step=4, as exploitation requires authentication but can lead to full RCE, data exfiltration, or unauthorized access.
- Exploitation requires prior authentication; unauthenticated users cannot trigger this deserialization vulnerability. Detection rules should account for valid session tokens accompanying the malicious POST request.
- Affected versions are Gibbon 26.0.00 and below. Ensure detection scope is limited to environments running these versions, as patched versions may not be vulnerable.
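The detection bullets above translate directly into a two-stage check: first confirm the request is a POST to the import step-4 external-assessment endpoint, then look at the `columnOrder` body field for a PHP serialization token. The following Python is an added illustration written for this page, not code from Gibbon or from any detection rule indexed here. It assumes that Gibbon reaches module pages through `index.php?q=/modules/...` as well as by direct path (so both are checked), and it runs over constructed sample requests rather than captured traffic. Findings are ranked by token: an `O:` object token is what makes `unserialize()` instantiate a class, so it is reported as high, arrays as medium and bare strings as low.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Opening tokens of PHP serialize() output named in the advisory: an object
# (O), an array (a) or a string (s), each followed by a length field.
PHP_SERIALIZED_RE = re.compile(r'^(?P<kind>[Oas]):\d+:')

TARGET_SUFFIX = "/modules/System Admin/import_run.php"
REQUIRED_QUERY = {"type": "externalAssessment", "step": "4"}
SEVERITY = {"O": "high", "a": "medium", "s": "low"}


def is_target_endpoint(method, url):
    """True for a POST to import_run.php with type=externalAssessment&step=4.

    Assumption: Gibbon may route the module path through index.php?q=...,
    so the path is accepted either as the URL path or as the q parameter.
    """
    if method.upper() != "POST":
        return False
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # parse_qs already percent-decodes values
    candidates = [unquote(parts.path)] + query.get("q", [])
    if not any(c.endswith(TARGET_SUFFIX) for c in candidates):
        return False
    return all(query.get(k) == [v] for k, v in REQUIRED_QUERY.items())


def inspect_body(body):
    """Return (token, value) for the first columnOrder value that looks like
    PHP serialization, or None when every value is plain (e.g. '0,1,2')."""
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("columnOrder", []):
        m = PHP_SERIALIZED_RE.match(value.lstrip())
        if m:
            return m.group("kind"), value
    return None


def scan(requests):
    """Apply both checks to (method, url, body) tuples and return findings."""
    findings = []
    for idx, (method, url, body) in enumerate(requests):
        if not is_target_endpoint(method, url):
            continue
        hit = inspect_body(body)
        if hit:
            token, value = hit
            findings.append({"index": idx, "severity": SEVERITY[token],
                             "token": token, "value": value})
    return findings


# Constructed sample requests (not captured traffic): an object token on the
# vulnerable endpoint, a harmless comma-separated order, a serialized value
# sent to a different step, a GET, and an array token via the direct path.
SAMPLE_REQUESTS = [
    ("POST", "/index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=4",
     "columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D&submit=Proceed"),
    ("POST", "/index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=4",
     "columnOrder=0%2C1%2C2&submit=Proceed"),
    ("POST", "/index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=3",
     "columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"),
    ("GET", "/index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=4", ""),
    ("POST", "/modules/System%20Admin/import_run.php?type=externalAssessment&step=4",
     "columnOrder=a%3A1%3A%7Bi%3A0%3Bs%3A1%3A%22x%22%3B%7D"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

Only the first and last samples are reported (high and medium); the plain `0,1,2` order, the step-3 request and the GET all pass. In a real deployment the body would come from a WAF or reverse-proxy request log that records POST bodies, and the session-token and version conditions from the bullets above would be layered on top of this match.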
No detection rules found.
No writeups or analysis indexed.