Gambio : Security Vulnerabilities, CVEs, CVSS score >= 6
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-15
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
Max CVSS
8.8
EPSS Score
0.15%
Published
2020-07-28
Updated
2020-07-31
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-10-09
Updated
2017-08-29
6 vulnerabilities found