CVE-2026-34408

An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

CVE-2024-23762

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...

CVE-2024-23762

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

Sql injection

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

Information disclosure

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

Unrestricted file upload

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

CVE-2024-23761

CVE-2024-23761 affects Gambio, specifically version 4.9.2.0 (and prior per CNNVD/CNNVD-like sources), where a Server Side Template Injection via a crafted smarty email template allows an attacker to execute arbitrary code. The issue is described consistently across Red Hat, NVD, CVE listings, and...

PT-2024-20066 · Gambio · Gambio

Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...

CVE-2024-23762

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...