CVE-2026-8207
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-8207
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation requires Teacher or higher privileges. Exploitation could result in unintended read/write activities to the underlying database.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-8207
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-8207
Please Login to view more intelligence information
- Release Nam Chung (Update) · GibbonEdu/core · GitHubvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-8207
Same Patch Batch · gibbonedu · 2026-05-09 · 3 CVEs total
| CVE-2026-8208 | Gibbon<30.0.01本地文件包含致RCE | |
| CVE-2026-8209 | Gibbon<30.0.01路径遍历漏洞导致拒绝服务 |
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2026-42287
Emlog: SQL Injection Vulnerability in log_model.php within a - CVE-2026-41889
pgx: SQL Injection via placeholder confusion with dollar quo - CVE-2026-41496
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 - CVE-2026-42208
LiteLLM: SQL injection in Proxy API key verification - CVE-2026-8133
zyx0814 FilePress Shares Filelist API admin.php sql injectio
V. Comments for CVE-2026-8207
No comments yet