Pablo Pardo

**Name of the Vulnerable Software and Affected Versions** TCMAN's GIM version 11 **Description** This issue allows an unauthenticated attacker to inject an SQL statement to obtain, update, and delete all information in the database. The vulnerability is found in the `User` parameter of the "ValidateUserAndWS" endpoint. **Recommendations** For TCMAN's GIM version 11, consider disabling the "ValidateUserAndWS" endpoint or restricting access to the `User` parameter until a patch is available. Avoid using the `User` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCMAN's GIM version 11 **Description** This issue allows an unauthenticated attacker to inject SQL statements, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the `User` parameter of the "ValidateUserAndGetData" endpoint. **Recommendations** For TCMAN's GIM version 11, as a temporary workaround, consider restricting access to the "ValidateUserAndGetData" endpoint to minimize the risk of exploitation. Avoid using the `User` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCMAN's GIM version 11 **Description** This issue allows an unauthenticated attacker to inject an SQL statement to obtain, update, and delete all information in the database. The vulnerability is found in the `username` parameter of the "GetLastDatePasswordChange" endpoint. **Recommendations** For TCMAN's GIM version 11, consider disabling the "GetLastDatePasswordChange" endpoint or restricting access to the `username` parameter until a patch is available. Avoid using the `username` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCMAN's GIM version 11 **Description** This issue allows an unauthenticated attacker to inject an SQL statement, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the `Sender` and `email` parameters of the "createNotificationAndroid" endpoint. **Recommendations** For TCMAN's GIM version 11, consider disabling the `createNotificationAndroid` endpoint until a patch is available to prevent exploitation. Restrict access to the `Sender` and `email` parameters in this endpoint to minimize the risk of unauthorized database access. Avoid using the `Sender` and `email` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TCMAN's GIM version 11 **Description** This issue allows an unauthenticated attacker to inject an SQL statement to obtain, update, and delete all information in the database. The vulnerability is found in the `updatePassword` endpoint, specifically in the `User` and `email` parameters. **Recommendations** For TCMAN's GIM version 11, consider disabling the `updatePassword` endpoint until a patch is available. Restrict access to the `User` and `email` parameters in the `updatePassword` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TCMAN GIM version 11 **Description** This issue allows an unauthenticated attacker to upload any file within the server, including malicious files, to obtain Remote Code Execution (RCE). **Recommendations** For TCMAN GIM version 11, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the server to minimize the risk of unauthorized file uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.