Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gambio gambio 4.9.2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
NA
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
NA
CVE-2024-23760
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows malicious users to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
Gambio Gambio 4.9.2.0
NA
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
NA
CVE-2024-23762
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows malicious users to execute arbitrary code via upload of crafted PHP file.
Gambio Gambio 4.9.2.0
NA
CVE-2024-23763
SQL Injection vulnerability in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Gambio Gambio 4.9.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started