Gambio

gambio

Vendor: Gambio • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23763 1Gambio 1Gambio May 7, 2025 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23762 1Gambio 1Gambio Mar 18, 2025 Feb 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761 1Gambio 1Gambio Nov 21, 2024 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2024-23760 1Gambio 1Gambio Mar 28, 2025 Feb 12, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23759 1Gambio 1Gambio May 7, 2025 Feb 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.