CVE-2023-45880 – This vulnerability allows attackers to perform ... (How to Fix)

Q: What is the severity of CVE-2023-45880?

CVE-2023-45880 has a CVSS score of 7.2 (HIGH). This vulnerability allows attackers to perform directory traversal in GibbonEdu's report template builder, enabling them to create arbitrary PHP files in the webroot directory. This affects all GibbonEdu installations up to version 25.0.0, potentially leading to remote code execution.

📋 TL;DR

This vulnerability allows attackers to perform directory traversal in GibbonEdu's report template builder, enabling them to create arbitrary PHP files in the webroot directory. This affects all GibbonEdu installations up to version 25.0.0, potentially leading to remote code execution.

💻 Affected Systems

Products:

GibbonEdu

Versions: through version 25.0.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have access to create Asset Components (typically authenticated access).

📦 What is this software?

Gibbon by Gibbonedu

View all CVEs affecting Gibbon →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠

Likely Case

Webshell deployment allowing persistent access, data theft, or lateral movement within the network.

🟢

If Mitigated

Limited impact if proper file upload restrictions and web application firewalls are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.0.1 or later

Vendor Advisory: https://github.com/GibbonEdu/core/security/advisories/GHSA-4q8c-8j9f-5q5q

Restart Required: No

Instructions:

1. Backup your GibbonEdu installation and database. 2. Download and install GibbonEdu version 25.0.1 or later. 3. Replace all files with the new version. 4. Run the update script if prompted.

🔧 Temporary Workarounds

Restrict Asset Component Creation

all

Temporarily disable or restrict permissions for creating Asset Components in the report template builder.

Web Application Firewall Rules

all

Implement WAF rules to block directory traversal patterns in templateFileDestination parameter.

🧯 If You Can't Patch

Implement strict file upload validation to prevent PHP file creation outside designated directories.
Monitor webroot directory for unauthorized PHP file creation and implement file integrity monitoring.

🔍 How to Verify

Check if Vulnerable:

Check if GibbonEdu version is 25.0.0 or earlier by reviewing the version in the admin interface or checking the core/version.php file.

Check Version:

grep "\$version" /path/to/gibbon/core/version.php

Verify Fix Applied:

Verify installation is running version 25.0.1 or later and test that directory traversal attempts in templateFileDestination parameter are blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual file creation events in webroot directory
Multiple failed directory traversal attempts in web server logs
Asset Component creation by unexpected users

Network Indicators:

HTTP requests with directory traversal patterns in templateFileDestination parameter
Unexpected PHP file uploads to non-standard locations

SIEM Query:

source="web_logs" AND (templateFileDestination CONTAINS "../" OR templateFileDestination CONTAINS "..\")

📊 Metadata

CVE ID: CVE-2023-45880

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: November 14, 2023

Last Updated: November 21, 2024

🔗 References

https://herolab.usd.de/security-advisories/usd-2023-0022/ Exploit,Third Party Advisory
https://herolab.usd.de/security-advisories/usd-2023-0022/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45880, you might also want to check these: