Filtered by vendor Gambio
Subscriptions
Filtered by product Gambio
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23763 | 1 Gambio | 1 Gambio | 2024-11-21 | 9.8 Critical |
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | ||||
CVE-2024-23762 | 1 Gambio | 1 Gambio | 2024-11-21 | 7.8 High |
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | ||||
CVE-2024-23761 | 1 Gambio | 1 Gambio | 2024-11-21 | 9.8 Critical |
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | ||||
CVE-2024-23760 | 1 Gambio | 1 Gambio | 2024-11-21 | 2.7 Low |
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | ||||
CVE-2024-23759 | 1 Gambio | 1 Gambio | 2024-11-21 | 9.8 Critical |
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. |
Page 1 of 1.