SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
8.7 AI Score
0.001 EPSS
4.9 CVSS
5.9 AI Score
0.001 EPSS
4.9 CVSS
5.9 AI Score
0.001 EPSS
8.8 CVSS
8.6 AI Score
0.002 EPSS
4.8 CVSS
4.9 AI Score
0.001 EPSS
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.
9.8 CVSS
9.5 AI Score
0.374 EPSS
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
2.7 CVSS
3.7 AI Score
0.0004 EPSS
Server-Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.
9.8 CVSS
9.5 AI Score
0.001 EPSS
Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.
7.8 CVSS
7.9 AI Score
0.0004 EPSS
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.
9.8 CVSS
9.8 AI Score
0.001 EPSS