5 matches found
CVE-2024-23759
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function...
Deserialization of untrusted data
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function...
CVE-2024-23759
CVE-2024-23759 affects Gambio Online Webshop up to version 4.9.2.0 and earlier. The issue is a deserialization of untrusted data in the Parcelshopfinder/AddAddressBookEntry function, enabling remote attackers to execute arbitrary code via an unauthenticated HTTP POST request. Root cause is insecu...
CVE-2024-23759
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function...
Gambio Code Issue Vulnerability
Gambio is an all-in-one e-commerce solution from Gambio, Inc. A code issue vulnerability exists in Gambio version 4.9.2.0 and earlier, which stems from the system containing deserialization of untrusted data, allowing an attacker to run arbitrary code via the search parameter in...