CVE-2026-8209

Description

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of the file and a DOS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

References

• https://github.com/GibbonEdu/core/releases/tag/v30.0.01
• https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#denial-of-service-via-path-traversal