Vulnerability Description
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability that results in remote code execution (RCE): the report archive directory is changed and a user-provided .zip is forced to be interpreted as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compromise of the underlying web server.
References
- https://github.com/GibbonEdu/core/releases/tag/v30.0.01
- https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#loc
FAQ
What is CVE-2026-8208?
CVE-2026-8208 is a documented vulnerability. Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user-provided .zip as PHP...
How severe is CVE-2026-8208?
CVSS scoring is not yet available for CVE-2026-8208. Check NVD for updates.
Is there a patch for CVE-2026-8208?
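The description lists Gibbon versions before v30.0.01 as affected, and the references section above links to the v30.0.01 release. Check those references for vendor advisories and patch information, and review vendor security bulletins for remediation guidance.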