CVE-2025-40620

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...

CVE-2025-40620

CVE-2025-40620 affects TCMAN’s GIM v11, with a SQL injection in the ValidateUserAndWS endpoint’s User parameter. An unauthenticated attacker can inject SQL to obtain, update, and delete all information in the database, impacting confidentiality, integrity, and availability (per CVSS vectors). No ...

CVE-2025-40620 Multiple vulnerabilities in TCMAN's GIM

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...

PT-2025-19916 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: This issue allows an unauthenticated attacker to inject an SQL statement to obtain, update, and delete all information in the database. The vulnerability is found in the User parameter of the...

Tcman Gim SQL注入漏洞

Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A SQL injection vulnerability exists in Tcman Gim version v11, which stems from the presence of SQL injection in the ValidateUserAndWS endpoint User parameter...