Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-23759

Published: 12/02/2024 Updated: 15/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Gambio

Vulnerability Summary

Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.

Vulnerable Product Search on Vulmon Subscribe to Product

gambio gambio 4.9.2.0

Vendor Advisories

Check Point Security Alerts: Gambio Insecure Deserialization (CVE-2024-23759)
Check Point Reference: CPAI-2024-0186 Date Published: 18 Apr 2024 Severity: Critical ...

Exploits

Exploit DB: Gambio Online Webshop 4.9.2.0 Remote Code Execution
A remote code execution vulnerability in Gambio online webshop versions 4920 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems ...

References

CWE-434https://herolab.usd.de/security-advisories/usd-2023-0046/https://nvd.nist.govhttps://packetstormsecurity.com/files/178222/Gambio-Online-Webshop-4.9.2.0-Remote-Code-Execution.htmlhttps://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0186.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook