Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gambio gambio 4.9.2.0 |