VYPR
Vendor: Gambio

Products: 2
CVEs: 12
Across products: 12
Status: Private

Recent CVEs (12)
  • CVE-2026-34408 | Critical | May 5, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

  • CVE-2024-23759 | Feb 12, 2024
    risk 0.08 | cvss - | epss 0.48

    Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.

  • CVE-2010-4954 | Oct 9, 2011
    risk 0.03 | cvss - | epss 0.01

    SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.

  • CVE-2024-23762 | Feb 12, 2024
    risk 0.00 | cvss - | epss 0.00

    Unrestricted File Upload vulnerability in the Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of a crafted PHP file.

  • CVE-2024-23760 | Feb 12, 2024
    risk 0.00 | cvss - | epss 0.00

    Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

  • CVE-2024-23763 | Feb 12, 2024
    risk 0.00 | cvss - | epss 0.01

    SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiers[attribute][] parameter.

  • CVE-2024-23761 | Feb 12, 2024
    risk 0.00 | cvss - | epss 0.01

    Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template.

  • CVE-2020-29133 | Nov 27, 2020
    risk 0.00 | cvss - | epss 0.01

    jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.

  • CVE-2020-10982 | Jul 28, 2020
    risk 0.00 | cvss - | epss 0.01

    Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.

  • CVE-2020-10983 | Jul 28, 2020
    risk 0.00 | cvss - | epss 0.01

    Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.

  • CVE-2020-10984 | Jul 28, 2020
    risk 0.00 | cvss - | epss 0.01

    Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.

  • CVE-2020-10985 | Jul 28, 2020
    risk 0.00 | cvss - | epss 0.01

    Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.