CVE-2024-23761

Name of the Vulnerable Software and Affected Versions Gambio version 4.9.2.0

Description The issue allows attackers to run arbitrary code via crafted smarty email template. This is a Server Side Template Injection in Gambio.

Recommendations For Gambio version 4.9.2.0, as a temporary workaround, consider disabling the use of crafted smarty email templates until a patch is available. Restrict access to the email template functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.