Gim

gim

Vendor: Tcman • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-41015 1Tcman 1Gim Dec 3, 2025 Dec 2, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:...Show more User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.Show less
CVE-2025-41014 1Tcman 1Gim Dec 3, 2025 Dec 2, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:...Show more User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.Show less
CVE-2025-41013 1Tcman 1Gim Dec 3, 2025 Dec 2, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmE...Show more SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.Show less
CVE-2025-41012 1Tcman 1Gim Dec 3, 2025 Dec 2, 2025 8.7 HIGH· v4 5.3 MEDIUM· v3 N/A· v2 Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword'...Show more Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.Show less
CVE-2025-40670 1Tcman 1Gim Oct 6, 2025 Jun 9, 2025 7.1 HIGH· v4 8.8 HIGH· v3 N/A· v2 Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.
CVE-2025-40669 1Tcman 1Gim Oct 6, 2025 Jun 9, 2025 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST...Show more Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.Show less
CVE-2025-40668 1Tcman 1Gim Oct 6, 2025 Jun 9, 2025 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, Passwor...Show more Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.Show less
CVE-2025-40667 1Tcman 1Gim Oct 10, 2025 May 26, 2025 8.7 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vul...Show more Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin.Show less
CVE-2025-40666 1Tcman 1Gim Oct 10, 2025 May 26, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx.
CVE-2025-40665 1Tcman 1Gim Oct 10, 2025 May 26, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx.
CVE-2025-40664 1Tcman 1Gim Oct 10, 2025 May 26, 2025 9.3 CRITICAL· v4 9.1 CRITICAL· v3 N/A· v2 Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.
CVE-2025-40625 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).
CVE-2025-40624 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the...Show more SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and “email” parameters of the ‘updatePassword’ endpoint.Show less
CVE-2025-40623 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the...Show more SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and “email” parameters of the ‘createNotificationAndroid’ endpoint.Show less
CVE-2025-40622 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the...Show more SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’ parameter of the ‘GetLastDatePasswordChange’ endpoint.Show less
CVE-2025-40621 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the...Show more SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndGetData’ endpoint.Show less
CVE-2025-40620 1Tcman 1Gim May 13, 2025 May 6, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the...Show more SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint.Show less
CVE-2022-36277 1Tcman 1Gim Nov 21, 2024 Oct 4, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
CVE-2022-36276 1Tcman 1Gim Nov 21, 2024 Oct 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
CVE-2021-4046 1Tcman 1Gim Nov 21, 2024 Feb 11, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking o...Show more The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.Show less

12 Next