CVE-2024-24725

High CVSS 8.8

Overview

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

CWE: CWE-502 Published: 2024-03-23T23:15:07.193

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: deserialization (tag impact: MODERATE)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.

Overview

Recommended tools

Tags