CVE-2026-8208
Published
CVSS v3
N/A
CVSS v2
N/A
Affected
1
PROJECT
Description
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compromise of the underlying web server.
Gibbon is a flexible, open source school management platform designed to make life better for teachers, students, parents and leaders.
GitHub