← Back

Gambio

gambio

10 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Gambio
gambio
5 CVEs
Gambio Gx
gambio_gx
4 CVEs
Xt\
xt\
1 CVE

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-23763
1Gambio
1Gambio
May 7, 2025
Feb 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23762
1Gambio
1Gambio
Mar 18, 2025
Feb 12, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761
1Gambio
1Gambio
Nov 21, 2024
Feb 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2024-23760
1Gambio
1Gambio
Mar 28, 2025
Feb 12, 2024
N/A· v4
2.7 LOW· v3
N/A· v2
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23759
1Gambio
1Gambio
May 7, 2025
Feb 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
CVE-2020-10985
1Gambio
1Gambio Gx
Nov 21, 2024
Jul 28, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVE-2020-10984
1Gambio
1Gambio Gx
Nov 21, 2024
Jul 28, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVE-2020-10983
1Gambio
1Gambio Gx
Nov 21, 2024
Jul 28, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVE-2020-10982
1Gambio
1Gambio Gx
Nov 21, 2024
Jul 28, 2020
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
CVE-2010-4954
1Gambio
1Xt\
Apr 29, 2026
Oct 9, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.