5 matches found
CVE-2025-40668
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in...
CVE-2025-40668
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in...
CVE-2025-40668
creationtimestamp| type| source ---|---|--- 2025-06-09 13:02:03+00:00| published-proof-of-concept| Telegram/AvRPE1FYyApk1Jln3Af0piOZ09oDjaUbhCE1oirCL83hBqc 2025-06-09 15:10:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lr6nyb4nsw25...
CVE-2025-40668 Incorrect Authorization vulnerability in TCMAN GIM
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in...
CVE-2025-40668
CVE-2025-40668 : Affected software is TC MAN’s GIM v11. The vulnerability is an incorrect authorization flaw that lets a low-privilege attacker change other users’ passwords by sending a POST to the endpoint "/PC/WebService.aspx/validateChangePasswordña" with parameters idUser, PasswordActual, Pa...