CVE-2024-23759

Summary

CVE-2024-23759 is a deserialization vulnerability affecting versions of Gambio up to 4.9.2.0. attackers can exploit this issue by supplying untrusted data in the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function, leading to arbitrary code execution. This vulnerability poses a serious threat, as it allows an attacker to gain complete control over an affected system, potentially resulting in data theft, unauthorized access, or system damage. Successful exploitation does not require user interaction, making it particularly dangerous. It is highly recommended that users update their Gambio installation to a patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.