Filtered by vendor Gambio
Subscribe
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23763 | 1 Gambio | 1 Gambio | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | |||||
| CVE-2024-23762 | 1 Gambio | 1 Gambio | 2024-11-21 | N/A | 7.8 HIGH |
| Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | |||||
| CVE-2024-23761 | 1 Gambio | 1 Gambio | 2024-11-21 | N/A | 9.8 CRITICAL |
| Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | |||||
| CVE-2024-23760 | 1 Gambio | 1 Gambio | 2024-11-21 | N/A | 2.7 LOW |
| Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2024-11-21 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||
| CVE-2020-10985 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. | |||||
| CVE-2020-10984 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. | |||||
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | |||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | |||||
| CVE-2010-4954 | 1 Gambio | 1 Xt\ | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||