Gim Security Vulnerabilities and Issues — Gim CVE List

Lucene search

TcmanGim

8 matches found

CVE•added 2025/05/06 11:15 a.m.•55 views

CVE-2025-40625

Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).

9.8CVSS7.2AI score0.00265EPSS

CVE•added 2025/05/06 11:15 a.m.•47 views

CVE-2025-40622

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’ para...

9.8CVSS7.3AI score0.00141EPSS

CVE•added 2025/05/06 11:15 a.m.•47 views

CVE-2025-40623

9.8CVSS7.3AI score0.00141EPSS

CVE•added 2025/05/06 11:15 a.m.•47 views

CVE-2025-40624

9.8CVSS7.3AI score0.00141EPSS

CVE•added 2025/05/06 11:15 a.m.•46 views

CVE-2025-40620

9.8CVSS7.3AI score0.00141EPSS

CVE•added 2025/05/06 11:15 a.m.•46 views

CVE-2025-40621

9.8CVSS7.3AI score0.00141EPSS

CVE•added 2023/10/04 4:15 p.m.•43 views

CVE-2022-36276

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.

9.9CVSS9.8AI score0.00208EPSS

CVE•added 2025/05/26 1:15 p.m.•41 views

CVE-2025-40664

Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.

9.3CVSS6.8AI score0.0015EPSS