CVE-2024-24725

8.8 HIGH

📋 TL;DR

This vulnerability allows remote authenticated users to execute arbitrary PHP code through deserialization attacks in Gibbon's import functionality. Attackers can achieve remote code execution by manipulating the columnOrder parameter in POST requests. All Gibbon installations up to version 26.0.00 are affected.

💻 Affected Systems

Products:
  • Gibbon
Versions: All versions through 26.0.00
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the import functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the web server, allowing data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to web shell deployment, credential harvesting, and data exfiltration from the Gibbon database.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and least privilege authentication are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is straightforward to execute with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 26.0.01 or later

Vendor Advisory: https://gibbonedu.org/download/

Restart Required: No

Instructions:

1. Download the latest version from the Gibbon website.
2. Back up the current installation.
3. Replace the affected files with the patched version.
4. Verify that the import functionality works correctly.

🔧 Temporary Workarounds

Disable Import Module (Linux shell)

Temporarily disable the vulnerable import functionality by renaming its handler. The path is relative to the Gibbon installation directory:

mv modules/System\ Admin/import_run.php modules/System\ Admin/import_run.php.disabled

Web Application Firewall Rule (any platform)

Block requests to the vulnerable endpoint:

Add WAF rule to block POST requests containing 'modules/System%20Admin/import_run.php' with 'type=externalAssessment' and 'step=4'

🧯 If You Can't Patch

  • Restrict access to import functionality to only trusted administrators
  • Implement network segmentation to isolate Gibbon from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if Gibbon version is 26.0.00 or earlier and if import_run.php exists in modules/System Admin/

Check Version:

grep -r 'gibbonVersion' gibbon/core/version.php | cut -d"'" -f2

Verify Fix Applied:

Verify Gibbon version is 26.0.01 or later and test import functionality with safe test data
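The two checks above (version at or below 26.0.00, import_run.php still present) can be scripted so the comparison is numeric rather than a string match. This is an added example, not code from the advisory or from the Gibbon project; it assumes version.php contains an assignment of the form $gibbonVersion = '26.0.00'; (the grep above searches for that name), and the sample file contents and the import_run_present flag are constructed inputs.

```python
import re

# First fixed release named in the advisory.
FIXED_VERSION = "26.0.01"

# Assumed form of the assignment in gibbon/core/version.php; the advisory's grep
# looks for the string 'gibbonVersion', so both quote styles are accepted here.
VERSION_RE = re.compile(r"""gibbonVersion\s*=\s*['"]([0-9]+(?:\.[0-9]+)*)['"]""")

# Constructed stand-in for the contents of version.php (not the real file).
SAMPLE_VERSION_PHP = "<?php\n$gibbonVersion = '26.0.00';\n"


def parse_version(text):
    """Turn '26.0.00' into (26, 0, 0) so releases compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def extract_gibbon_version(php_source):
    """Pull the version string out of version.php source text."""
    match = VERSION_RE.search(php_source)
    if match is None:
        raise ValueError("no gibbonVersion assignment found")
    return match.group(1)


def needs_patch(version):
    """True for 26.0.00 and every earlier release; False from 26.0.01 on."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess(php_source, import_run_present):
    """Combine the advisory's two checks: release number and presence of import_run.php."""
    version = extract_gibbon_version(php_source)
    unpatched = needs_patch(version)
    return {
        "version": version,
        "needs_patch": unpatched,
        # Exposed only while unpatched AND the handler has not been renamed away
        # by the workaround; the patch is still required either way.
        "exposed": unpatched and import_run_present,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_PHP, import_run_present=True))
```

Feed it the real file contents (for example, open("gibbon/core/version.php").read()) and the result of an os.path.exists check on modules/System Admin/import_run.php; a "needs_patch" of True means the workaround, if applied, is only buying time.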

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /modules/System%20Admin/import_run.php with columnOrder parameter containing serialized data
  • Unusual PHP process execution from web user

Network Indicators:

  • HTTP POST requests with unusual columnOrder parameter values to the import endpoint

SIEM Query:

source="web_logs" AND uri="*import_run.php*" AND method="POST" AND (params="*columnOrder*" OR params="*O:*")
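The SIEM query above matches on the endpoint, the method, and the columnOrder parameter or an "O:" token (the prefix of a serialized PHP object). The following is an added detection example, not part of the advisory or of Gibbon: it applies the same indicators to JSON-lines log records whose "params" field is assumed to hold the decoded POST body (a plain access log would not record it), and it separates a high-confidence hit (columnOrder carrying a serialized object) from the weaker signal of columnOrder merely being present. The log lines are constructed, and the serialized value in them is an empty stdClass used only to exercise the pattern.

```python
import json
import re
from urllib.parse import parse_qs, unquote

# Endpoint named in the advisory, compared after URL-decoding so that
# "System%20Admin" and "System Admin" both match.
VULN_ENDPOINT = "modules/System Admin/import_run.php"

# PHP serialization token for an object: O:<name length>:"<class name>":...
# This is the "O:" marker the advisory's SIEM query keys on.
PHP_OBJECT_RE = re.compile(r'(?:^|[;{])O:\d+:"')

# Constructed JSON-lines log records (not real traffic); "params" is assumed to
# carry the raw POST body. The object in record 1 is a harmless empty stdClass.
SAMPLE_LOG = """
{"time": "2024-03-01T10:00:01Z", "src": "203.0.113.7", "method": "POST", "uri": "/modules/System%20Admin/import_run.php", "params": "type=externalAssessment&step=4&columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"}
{"time": "2024-03-01T10:00:05Z", "src": "198.51.100.2", "method": "POST", "uri": "/modules/System Admin/import_run.php", "params": "type=externalAssessment&step=4&columnOrder=0%2C1%2C2"}
{"time": "2024-03-01T10:00:09Z", "src": "198.51.100.2", "method": "GET", "uri": "/modules/System%20Admin/import_run.php", "params": "type=externalAssessment&step=1"}
{"time": "2024-03-01T10:00:12Z", "src": "198.51.100.9", "method": "POST", "uri": "/modules/Students/student_view.php", "params": "columnOrder=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"}
"""


def classify_request(method, uri, params):
    """Return None for requests outside the advisory's scope, else a dict with a severity."""
    if method.upper() != "POST" or VULN_ENDPOINT not in unquote(uri):
        return None
    fields = parse_qs(params, keep_blank_values=True)  # parse_qs URL-decodes each value
    values = fields.get("columnOrder")
    if not values:
        return None
    for value in values:
        if PHP_OBJECT_RE.search(value):
            return {"severity": "high",
                    "reason": "columnOrder carries a serialized PHP object",
                    "columnOrder": value}
    return {"severity": "low",
            "reason": "POST to import_run.php with columnOrder present",
            "columnOrder": values[0]}


def scan_log(log_text):
    """Run classify_request over JSON-lines records and collect the alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        hit = classify_request(rec.get("method", ""), rec.get("uri", ""), rec.get("params", ""))
        if hit is not None:
            hit["src"] = rec.get("src")
            hit["time"] = rec.get("time")
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

On the constructed input only the first two records alert: the first as high (serialized object in columnOrder), the second as low (columnOrder present without one). The GET request and the POST to a different page are ignored, which keeps the rule scoped to the endpoint the advisory names. Treat a high alert from an account that does not normally run imports as the strongest signal, and pair it with the "unusual PHP process execution from web user" host indicator listed above.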
