Gambio CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-34408	1 Gambio	1 Gambio	2026-05-05	N/A
An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.
CVE-2024-23763	1 Gambio	1 Gambio	2025-05-07	9.8 Critical
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23759	1 Gambio	1 Gambio	2025-05-07	9.8 Critical
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
CVE-2024-23760	1 Gambio	1 Gambio	2025-03-28	2.7 Low
Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.
CVE-2024-23762	1 Gambio	1 Gambio	2025-03-18	7.8 High
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.
CVE-2024-23761	1 Gambio	1 Gambio	2024-11-21	9.8 Critical
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.
CVE-2020-10985	1 Gambio	1 Gambio Gx	2024-11-21	4.8 Medium
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
CVE-2020-10984	1 Gambio	1 Gambio Gx	2024-11-21	8.8 High
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
CVE-2020-10983	1 Gambio	1 Gambio Gx	2024-11-21	4.9 Medium
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
CVE-2020-10982	1 Gambio	1 Gambio Gx	2024-11-21	4.9 Medium
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.

Page 1 of 1.