Lucene search
MitreCVE-2024-23759HistoryFeb 12, 2024 - 10:15 p.m.
CVE-2024-23759
2024-02-1222:15:08
CWE-434
mitre
web.nvd.nist.gov
28
cve
deserialization
untrusted data
gambio
parcelshopfinder
addaddressbookentry
security flaw
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.374
Percentile
97.2%
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via “search” parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Affected configurations
Node
gambiogambioMatch4.9.2.0
Related
prion
prion
Deserialization of untrusted data
2024-02-12 22:15:00
packetstorm
packetstorm
Gambio Online Webshop 4.9.2.0 Remote Code Execution
2024-04-23 00:00:00
cvelist
cvelist
CVE-2024-23759
2024-02-12 00:00:00
nvd
nvd
CVE-2024-23759
2024-02-12 22:15:08
metasploit
metasploit
Gambio Online Webshop unauthenticated PHP Deserialization Vulnerability
2024-03-24 09:32:56
zdt
zdt
Gambio Online Webshop 4.9.2.0 Remote Code Execution Exploit
2024-04-23 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 04/26/24
2024-04-26 19:49:58
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.374
Percentile
97.2%
Related for CVE-2024-23759