Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Gambio Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23763 1 Gambio 1 Gambio 2024-02-15 N/A 9.8 CRITICAL
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23762 1 Gambio 1 Gambio 2024-02-15 N/A 7.8 HIGH
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761 1 Gambio 1 Gambio 2024-02-15 N/A 9.8 CRITICAL
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2024-23760 1 Gambio 1 Gambio 2024-02-15 N/A 2.7 LOW
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23759 1 Gambio 1 Gambio 2024-02-15 N/A 9.8 CRITICAL
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
CVE-2020-10984 1 Gambio 1 Gambio Gx 2024-02-04 6.8 MEDIUM 8.8 HIGH
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVE-2020-10983 1 Gambio 1 Gambio Gx 2024-02-04 4.0 MEDIUM 4.9 MEDIUM
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVE-2020-10982 1 Gambio 1 Gambio Gx 2024-02-04 4.0 MEDIUM 4.9 MEDIUM
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
CVE-2020-10985 1 Gambio 1 Gambio Gx 2024-02-04 3.5 LOW 4.8 MEDIUM
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVE-2010-4954 1 Gambio 1 Xt\ 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.