Ghostwire

CVE-2026-8207: Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the ...

MEDIUM CVSS 0.0 Exploit Available

Published: May 9, 2026 | Last Modified: May 9, 2026

Description

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.

Ghostwire Analysis — What This Means Practically

Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

github.com/GibbonEdu/core/releases/tag/v30.0.01
projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#sql-injecti
www.tenable.com/cve/CVE-2026-8207
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-8207