Vulnerabilities > Gambio

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2024-23759 Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
network
low complexity
gambio CWE-434
critical
 9.8
9.8
2024-02-12 CVE-2024-23760 Information Exposure Through Log Files vulnerability in Gambio 4.9.2.0
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
network
low complexity
gambio CWE-532
2.7
2.7
2024-02-12 CVE-2024-23761 Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
network
low complexity
gambio CWE-918
critical
 9.8
9.8
2024-02-12 CVE-2024-23762 Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
local
low complexity
gambio CWE-434
7.8
7.8
2024-02-12 CVE-2024-23763 SQL Injection vulnerability in Gambio 4.9.2.0
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
network
low complexity
gambio CWE-89
critical
 9.8
9.8
2020-07-28 CVE-2020-10985 Cross-site Scripting vulnerability in Gambio GX 4.0.0.0
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
network
gambio CWE-79
3.5
3.5
2020-07-28 CVE-2020-10984 Cross-Site Request Forgery (CSRF) vulnerability in Gambio GX 4.0.0.0
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
network
gambio CWE-352
6.8
6.8
2020-07-28 CVE-2020-10983 SQL Injection vulnerability in Gambio GX 4.0.0.0
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
network
low complexity
gambio CWE-89
4.0
4.0
2020-07-28 CVE-2020-10982 SQL Injection vulnerability in Gambio GX 4.0.0.0
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
network
low complexity
gambio CWE-89
4.0
4.0
2011-10-09 CVE-2010-4954 SQL Injection vulnerability in Gambio Xt:Commerce Gambio 2008
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
network
low complexity
gambio CWE-89
7.5
7.5