CVE-2026-8208
Received Received - Intake
Local File Inclusion RCE in Gibbon LMS

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a

Description
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compromise of the underlying web server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-09
Last Modified
2026-05-09
Generated
2026-06-19
AI Q&A
2026-05-09
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8208
EUVD
EUVD-2026-28898
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gibbon core to 30.0.01 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Gibbon versions before v30.0.01 and is a local file inclusion (LFI) flaw that can lead to remote code execution (RCE). It occurs by changing the report archive directory and forcing the system to interpret a user-provided .zip file as PHP code. Successful exploitation requires the attacker to have Teacher or higher privileges within the system.

The vulnerability allows an attacker to upload ZIP files containing malicious PHP code disguised as other file types. When these files are extracted and accessed through predictable paths, the attacker can execute arbitrary code on the underlying web server.

Impact Analysis

Exploitation of this vulnerability can lead to compromise of the underlying web server hosting the Gibbon application. An attacker with Teacher or higher privileges could execute arbitrary code remotely, potentially gaining control over the server.

This could result in unauthorized access to sensitive data, disruption of services, and further attacks on the network or connected systems.

Detection Guidance

Detection of this vulnerability involves identifying attempts to exploit the local file inclusion (LFI) and remote code execution (RCE) via the report archive directory in Gibbon versions before v30.0.01. Since exploitation requires Teacher or higher privileges, monitoring authenticated user actions related to report archiving and ZIP file uploads is critical.

Network or system detection can include:

  • Monitoring web server logs for unusual requests involving ZIP file uploads or access to report archive directories.
  • Checking for unexpected PHP file executions originating from user-uploaded ZIP archives.
  • Using commands to search for recently modified or created PHP files in the report archive directory, for example:
  • find /path/to/gibbon/report/archive -name '*.php' -mtime -7
  • Reviewing user activity logs for Teacher or higher privilege accounts performing report archive operations.
Mitigation Strategies

The primary immediate mitigation step is to upgrade Gibbon to version 30.0.01 or later, where this vulnerability has been addressed.

Additional mitigation steps include:

  • Restricting Teacher or higher privilege accounts to trusted users only.
  • Monitoring and limiting file uploads, especially ZIP files, to prevent malicious PHP code execution.
  • Applying strict input validation and sanitization on report archive features if custom patches or interim fixes are applied.
  • Raising awareness among administrators to watch for suspicious activity related to report archiving.
Compliance Impact

The provided information does not explicitly address how the local file inclusion vulnerability in Gibbon affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart