Vulnerability — CVE-2024-23759

CVE-2024-23759

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-23759
Description:: Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Last updated date:: 02/15/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/15/2024
Reference url to background: https://herolab.usd.de/security-advisories/usd-2023-0046/

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/19/2024
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gambio_unauth_rce_cve_2024_23759.rb