Attacker Value
Very High

CVE-2024-23759

Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
Attacker Value
Unknown

CVE-2024-23763

Disclosure Date: February 12, 2024 (last updated February 26, 2025)
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Attacker Value
Unknown

CVE-2024-23762

Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
Attacker Value
Unknown

CVE-2024-23761

Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted Smarty email template.
Attacker Value
Unknown

CVE-2024-23760

Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.