Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gambio gambio 4.9.2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
9.8
CVSSv3
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
1 Metasploit module
2.7
CVSSv3
CVE-2024-23760
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows malicious users to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
7.8
CVSSv3
CVE-2024-23762
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows malicious users to execute arbitrary code via upload of crafted PHP file.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23763
SQL Injection vulnerability in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Gambio Gambio 4.9.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started