CVE-2025-40623

Name of the Vulnerable Software and Affected Versions TCMAN's GIM version 11

Description This issue allows an unauthenticated attacker to inject an SQL statement, enabling them to obtain, update, and delete all information in the database. The vulnerability is specifically found in the Sender and email parameters of the "createNotificationAndroid" endpoint.

Recommendations For TCMAN's GIM version 11, consider disabling the createNotificationAndroid endpoint until a patch is available to prevent exploitation. Restrict access to the Sender and email parameters in this endpoint to minimize the risk of unauthorized database access. Avoid using the Sender and email parameters in the affected endpoint until the issue is resolved.