CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.
In order to exploit the vulnerability, an attacker would need to manipulate the "q" parameter to query a local file. This manipulation would cause the file to be included in the server's response. However, it's important to note that this exploit is only effective for files located within the installation folder and under specific conditions, which exclude PHP files, for instance.