10 Total Results
Displaying 1-10 of 10
Attacker Value
Very High
CVE-2024-23759
Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
2
Attacker Value
Unknown
CVE-2024-23763
Disclosure Date: February 12, 2024 (last updated February 26, 2025)
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.
0
Attacker Value
Unknown
CVE-2024-23762
Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.
0
Attacker Value
Unknown
CVE-2024-23761
Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.
0
Attacker Value
Unknown
CVE-2024-23760
Disclosure Date: February 12, 2024 (last updated February 26, 2025)
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
0
Attacker Value
Unknown
CVE-2020-10982
Disclosure Date: July 28, 2020 (last updated February 21, 2025)
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
0
Attacker Value
Unknown
CVE-2020-10984
Disclosure Date: July 28, 2020 (last updated February 21, 2025)
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
0
Attacker Value
Unknown
CVE-2020-10983
Disclosure Date: July 28, 2020 (last updated February 21, 2025)
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
0
Attacker Value
Unknown
CVE-2020-10985
Disclosure Date: July 28, 2020 (last updated February 21, 2025)
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
0
Attacker Value
Unknown
CVE-2010-4954
Disclosure Date: October 09, 2011 (last updated October 04, 2023)
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
0