CVE-2026-8209

Gibbon v30.0.00 Authenticated DOS via Path Traversal

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability that results in denial of service (DoS) through attempted extraction of web application PHP files: a failed .zip extraction results in deletion of the file and a DoS condition. Successful exploitation requires Teacher or higher privileges. Exploitation could result in loss of availability of the web application.

https://www.cve.org/CVERecord?id=CVE-2026-8209
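
One way to guard an extract-then-clean-up routine against the traversal described above, as an added example (not Gibbon's code or its actual fix). The function names, directory layout and sample file are hypothetical and constructed for illustration; PHP's zip extension is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Gibbon code: resolve a user-supplied archive path
// and accept it only if it is a regular .zip file inside $uploadDir.
function resolveArchive(string $uploadDir, string $userPath): ?string
{
    $base = realpath($uploadDir);
    $real = realpath($uploadDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // Compare canonical paths so "../" sequences and symlinks cannot escape.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (strtolower(pathinfo($real, PATHINFO_EXTENSION)) !== 'zip') {
        return null;
    }
    return $real;
}

// Hypothetical extraction routine: validation happens before any code path
// that can delete the file, so a failed extraction cannot remove app files.
function extractUpload(string $uploadDir, string $userPath, string $destDir): bool
{
    $archive = resolveArchive($uploadDir, $userPath);
    if ($archive === null) {
        return false; // rejected: no extraction attempt, no cleanup
    }
    $zip = new ZipArchive();
    if ($zip->open($archive) !== true) {
        unlink($archive); // cleanup only ever touches a validated upload
        return false;
    }
    $ok = $zip->extractTo($destDir);
    $zip->close();
    return $ok;
}

// Constructed demo: a stand-in PHP file outside the upload directory.
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
mkdir("$root/out", 0700, true);
file_put_contents("$root/index.php", "<?php // constructed stand-in\n");
var_dump(extractUpload("$root/uploads", '../index.php', "$root/out"));
var_dump(file_exists("$root/index.php"));
```

The demo requests a path outside the upload directory; the call is refused and the stand-in file is still present afterwards.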

Gibbon v30.0.00: Authenticated SQL Injection and RCE
We go back to school to hunt down some SQL Injection, Local File Inclusion, and DoS in the Gibbon school management software.