Filtered by vendor Gambio Subscriptions
Filtered by product Gambio Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23763 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23762 1 Gambio 1 Gambio 2024-11-21 7.8 High
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2024-23760 1 Gambio 1 Gambio 2024-11-21 2.7 Low
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23759 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.