What is CVE-2024-23759?

CVE-2024-23759 is a vulnerability in N/a. Published 2024-02-12.

Is CVE-2024-23759 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-23759

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.

EPSS: 0.671 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
fkie-cad/nvd-json-data-feeds

References

herolab.usd.de/security-advisories/usd-2023-0046/

Frequently asked questions

What is CVE-2024-23759?: CVE-2024-23759 is a vulnerability in N/a. Published 2024-02-12.
Is CVE-2024-23759 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.