Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23763 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. | |||||
| CVE-2024-23762 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 7.8 HIGH |
| Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | |||||
| CVE-2024-23761 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 9.8 CRITICAL |
| Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. | |||||
| CVE-2024-23760 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 2.7 LOW |
| Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2024-02-15 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||