Vulnerabilities > Gambio > Gambio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2024-23759 | Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0 Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | 9.8 |
| 2024-02-12 | CVE-2024-23760 | Information Exposure Through Log Files vulnerability in Gambio 4.9.2.0 Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | 2.7 |
| 2024-02-12 | CVE-2024-23761 | Server-Side Request Forgery (SSRF) vulnerability in Gambio 4.9.2.0 Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | 9.8 |
| 2024-02-12 | CVE-2024-23762 | Unrestricted Upload of File with Dangerous Type vulnerability in Gambio 4.9.2.0 Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | 7.8 |
| 2024-02-12 | CVE-2024-23763 | SQL Injection vulnerability in Gambio 4.9.2.0 SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | 9.8 |