Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gambio gambio 4.9.2.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
2.7
CVSSv3
CVE-2024-23760
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows malicious users to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
7.8
CVSSv3
CVE-2024-23762
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows malicious users to execute arbitrary code via upload of crafted PHP file.
Gambio Gambio 4.9.2.0
9.8
CVSSv3
CVE-2024-23763
SQL Injection vulnerability in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Gambio Gambio 4.9.2.0
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started