#gambio — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gambio, aggregated by home.social.
-
Attackers crack #Gambio web shops – updates available | Security https://www.heise.de/news/Updaten-Angriffe-auf-Gambio-Webshops-11229519.html #Patchday #exploit #SQLinjection
-
Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.
Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy.
👉 More details: https://herolab.usd.de/en/security-advisories/usd-2024-0002/
-
Our #usdHeroLab #Pentest professionals analyzed #Gambio during their pentests.
1⃣ Vulnerability Type: several vulnerabilities with partly high risk
🚨 Security Risk: Critical
🧵👇 More Details
🧐 Gambio is a software designed for running online shops. It provides various features and tools to help businesses manage their inventory, process orders, and handle customer interactions.
The identified vulnerabilities allowed unauthenticated attackers to execute code on the underlying system, because the application deserializes untrusted data. Other vulnerabilities allowed unauthenticated attackers to perform SQL injection attacks to extract data from the database. Also, the application stores the passwords provided during the installation process in cleartext.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 🧑‍💻👩‍💻 👇
https://herolab.usd.de/en/security-advisories/