Gambio : Security Vulnerabilities, CVEs, CVSS score >= 9
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-12
Updated
2024-02-15
3 vulnerabilities found