Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gambio gambio 4.9.2.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
2.7
CVSSv3
CVE-2024-23760
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows malicious users to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
7.8
CVSSv3
CVE-2024-23762
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows malicious users to execute arbitrary code via upload of crafted PHP file.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23763
SQL Injection vulnerability in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Gambio Gambio 4.9.2.0
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started