PT-2025-19917 · Tcman · Tcman'S Gim

Pablo Pardo

Publicado

2025-05-06

Atualizado

2025-05-13

CVE-2025-40621

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TCMAN's GIM version 11

Description This issue allows an unauthenticated attacker to inject SQL statements, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the User parameter of the "ValidateUserAndGetData" endpoint.

Recommendations For TCMAN's GIM version 11, as a temporary workaround, consider restricting access to the "ValidateUserAndGetData" endpoint to minimize the risk of exploitation. Avoid using the User parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-40621

Produtos afetados

Tcman'S Gim

PT-2025-19917 · Tcman · Tcman'S Gim

CVE-2025-40621

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12