CVE-2026-8209
Path Traversal in Gibbon LMS Before v30.0.01
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: ab69c47f-b95e-4bf2-b2d9-4b1fd1b24b4a
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gibbon | core | < 30.0.01 (excluding) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability results in a denial of service (DoS) condition by causing loss of availability of the web application when exploited. Since availability is a key aspect of many compliance standards such as GDPR and HIPAA, this vulnerability could negatively impact compliance by disrupting access to the application and potentially affecting the availability of sensitive data or services.
However, the provided information does not explicitly discuss the impact on compliance with specific standards or regulations.
Can you explain this vulnerability to me?
This vulnerability affects Gibbon versions before v30.0.01 and is a path traversal issue that can lead to a denial of service (DoS). It occurs when an attacker with Teacher or higher privileges attempts to extract web application PHP files using a .zip file. If the extraction fails, the .zip file is deleted, causing a DoS condition by making the web application unavailable.
How can this vulnerability impact me? :
Exploitation of this vulnerability can result in loss of availability of the web application, causing a denial of service (DoS). This means users may be unable to access the application, disrupting normal operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to exploit path traversal or ZIP extraction features in the Gibbon web application, especially by users with Teacher or higher privileges.
Since exploitation involves uploading ZIP files containing PHP files and triggering extraction failures that cause denial of service, you can look for unusual .zip file upload attempts or failed extraction logs.
Commands to detect such activity might include:
- Checking web server logs for POST requests to ZIP upload endpoints, e.g., using grep (the dot is escaped so the pattern matches a literal `.zip` rather than any single character followed by `zip`):

  ```shell
  grep -i 'POST' /var/log/apache2/access.log | grep -i '\.zip'
  ```
- Monitoring application logs for errors related to ZIP extraction failures or file deletions.
- Using file integrity monitoring to detect unexpected deletions of PHP files in the web application directory.
- Reviewing user activity logs for Teacher or higher privilege accounts performing suspicious file upload or extraction actions.
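The two log-based checks above (POST requests referencing a .zip in the access log, and unexpected disappearance of PHP files from the web root) can be combined into a small triage script. The following is an added example written for this page; it is not code from the advisory or from the Gibbon project. The log lines, endpoint path `/upload.php`, usernames and file inventories are constructed placeholders, not real Gibbon paths.

```python
import re

# Apache "combined" log format: client ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample access-log lines (placeholder endpoint and users, not Gibbon's real paths).
SAMPLE_LOG = [
    '203.0.113.7 - teacher1 [09/May/2026:10:12:01 +0000] "POST /upload.php?name=lesson.zip HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - teacher1 [09/May/2026:10:12:05 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [09/May/2026:10:13:44 +0000] "POST /upload.php?name=notes.azipx HTTP/1.1" 200 100 "-" "curl/8.0"',
    '198.51.100.9 - admin [09/May/2026:10:15:00 +0000] "POST /upload.php?name=archive.ZIP HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

# Constructed PHP file inventories: a baseline taken at install time and the current listing.
BASELINE_FILES = {"index.php", "config.php", "modules/Example/upload.php", "README.md"}
CURRENT_FILES = {"index.php", "modules/Example/upload.php", "README.md"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_zip_upload_posts(lines):
    """Return (ip, user, target, status) for POST requests whose target names a .zip file.

    This is the page's grep heuristic with the dot escaped: 'notes.azipx' is NOT a hit,
    whereas an unescaped '.zip' pattern would match the 'azip' inside it.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and re.search(r"\.zip\b", rec["target"], re.IGNORECASE):
            hits.append((rec["ip"], rec["user"], rec["target"], rec["status"]))
    return hits


def server_errors(hits):
    """Subset of hits that returned a 5xx status, a possible sign of a failed extraction."""
    return [h for h in hits if h[3].startswith("5")]


def missing_php_files(baseline, current):
    """File-integrity check: PHP files in the baseline inventory that are absent now."""
    return sorted(f for f in baseline if f.endswith(".php") and f not in current)


if __name__ == "__main__":
    hits = find_zip_upload_posts(SAMPLE_LOG)
    for ip, user, target, status in hits:
        print(f"zip upload POST: ip={ip} user={user} target={target} status={status}")
    for h in server_errors(hits):
        print(f"5xx on zip upload (possible failed extraction): {h}")
    for f in missing_php_files(BASELINE_FILES, CURRENT_FILES):
        print(f"PHP file missing since baseline: {f}")
```

One caveat when reading the results: an Apache access log records only the request line, not the request body, so a multipart upload whose filename appears only in the body will not contain `.zip` at all. The access-log check therefore only catches cases where the endpoint path or query string mentions the archive; the file-inventory comparison and the application's own extraction error logs are the more reliable signals.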
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Gibbon to version 30.0.01 or later, where this vulnerability has been addressed.
Until the upgrade can be applied, restrict or monitor users with Teacher or higher privileges from uploading ZIP files or performing actions that trigger ZIP extraction.
Additionally, consider implementing strict input validation and file upload restrictions to prevent malicious ZIP files from being processed.
Monitoring and alerting on failed ZIP extraction attempts and unexpected file deletions can help detect exploitation attempts early.