CVE-2026-8207

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.

CWE	CWE-89
Vendor	gibbonedu
Product	gibbon
Published	May 9, 2026

Stay Ahead of the Next One

Get instant alerts for gibbonedu gibbon

Be the first to know when new unknown vulnerabilities affecting gibbonedu gibbon are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

gibbonedu / gibbon

0 < 30.0.01

References

NVD ↗ CVE.org ↗ EPSS Data ↗

projectblack.io: https://projectblack.io/blog/gibbon-v30-authenticated-sql-injection-and-rce/#sql-injectiongetting-warmed-up github.com: https://github.com/GibbonEdu/core/releases/tag/v30.0.01