CVE-2024-23759
12.02.2024, 22:15
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
| Vendor | Product | Version |
|---|---|---|
| gambio | gambio | 4.9.2.0 |
Common Weakness Enumeration
- CWE-434 - Unrestricted Upload of File with Dangerous Type: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
- CWE-502 - Deserialization of Untrusted Data: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.