CVE-2024-23759

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
12/02/2024
Last modified:
07/05/2025

Description

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*