CVE-2024-23759

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function...

CVE-2020-10985

Gambio GX before 4.0.1.0 allows XSS in admin/couponadmin.php...