CVE-2026-8207
Gibbon v30.0.00 Authenticated SQL Injection
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing feature. Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.
https://www.cve.org/CVERecord?id=CVE-2026-8207
Gibbon v30.0.00: Authenticated SQL Injection and RCE
We go back to school to hunt down some SQL Injection, Local File Inclusion, and DoS in the Gibbon school management software.
Nikolai Makaroff