Gambio Security Vulnerabilities

CVE-2010-4954

SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.

8.7 AI Score

0.001 EPSS

2011-10-09 10:55 AM

CVE-2020-10982

Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.

4.9 CVSS

5.9 AI Score

0.001 EPSS

2020-07-28 09:15 PM

CVE-2020-10983

Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.

4.9 CVSS

5.9 AI Score

0.001 EPSS

2020-07-28 09:15 PM

CVE-2020-10984

Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.

8.8 CVSS

8.6 AI Score

0.002 EPSS

2020-07-28 09:15 PM

CVE-2020-10985

Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.

4.8 CVSS

4.9 AI Score

0.001 EPSS

2020-07-28 09:15 PM

CVE-2024-23759

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.

9.8 CVSS

9.5 AI Score

0.374 EPSS

2024-02-12 10:15 PM

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

2.7 CVSS

3.7 AI Score

0.0004 EPSS

2024-02-12 10:15 PM

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.

9.8 CVSS

9.5 AI Score

0.001 EPSS

2024-02-12 10:15 PM

CVE-2024-23762

Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2024-02-12 10:15 PM

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-02-12 10:15 PM