Filtered by vendor Gambio Subscriptions
Total 10 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23763 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23762 1 Gambio 1 Gambio 2024-11-21 7.8 High
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2024-23760 1 Gambio 1 Gambio 2024-11-21 2.7 Low
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23759 1 Gambio 1 Gambio 2024-11-21 9.8 Critical
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
CVE-2020-10985 1 Gambio 1 Gambio Gx 2024-11-21 4.8 Medium
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVE-2020-10984 1 Gambio 1 Gambio Gx 2024-11-21 8.8 High
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVE-2020-10983 1 Gambio 1 Gambio Gx 2024-11-21 4.9 Medium
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVE-2020-10982 1 Gambio 1 Gambio Gx 2024-11-21 4.9 Medium
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
CVE-2010-4954 1 Gambio 1 Xt\ 2024-11-21 N/A
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.