Gambio: Security Vulnerabilities
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
CVSS Score: 9.8
EPSS Score: 0.644
Published: 2024-02-12
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVSS Score: 2.7
EPSS Score: 0.001
Published: 2024-02-12
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-02-12
Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2024-02-12
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2024-02-12
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
CVSS Score: 4.9
EPSS Score: 0.004
Published: 2020-07-28
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVSS Score: 4.9
EPSS Score: 0.004
Published: 2020-07-28
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2020-07-28
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2020-07-28
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2011-10-09