
CVE-2026-8208: Gibbon versions before v30.0.01 allow hackers to access server files

CVE-2026-8208
Summary

Gibbon versions before v30.0.01 can be exploited by a malicious user who holds Teacher or higher privileges. Successful exploitation could let the attacker access and control the server hosting Gibbon, leading to potential data breaches and server crashes. Update to Gibbon v30.0.01 or later to fix this issue.

Original title
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as ...
Original description
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compromise of the underlying web server.
NVD CVSS 4.0 score: 8.9
Vulnerability type
CWE-98 Improper Control of Filename for Include
Published: 9 May 2026 · Updated: 28 May 2026 · First seen: 9 May 2026