Tcman Gim

24 CVEs affecting Tcman Gim. Latest disclosed: 2025-12-02. Critical: 12, High: 5.

Top CVEs affecting Tcman Gim
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-40850 | Critical | 10.0 | 2021-12-17 | TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. |
| CVE-2022-36276 | Critical | 9.9 | 2023-10-04 | TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might al… |
| CVE-2025-41013 | Critical | 9.8 | 2025-12-02 | SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by se… |
| CVE-2025-40666 | Critical | 9.8 | 2025-05-26 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID par… |
| CVE-2025-40665 | Critical | 9.8 | 2025-05-26 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID par… |
| CVE-2025-40625 | Critical | 9.8 | 2025-05-06 | Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file… |
| CVE-2025-40624 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40623 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40622 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40621 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40620 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40664 | Critical | 9.1 | 2025-05-26 | Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestio… |
| CVE-2025-40670 | High | 8.8 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by… |
| CVE-2025-41015 | High | 7.5 | 2025-12-02 | User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on t… |
| CVE-2025-41014 | High | 7.5 | 2025-12-02 | User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on t… |
| CVE-2021-40851 | High | 7.5 | 2021-12-17 | TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability mi… |
| CVE-2021-40853 | High | 7.2 | 2021-12-17 | TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL… |
| CVE-2025-40669 | Medium | 6.5 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the appl… |
| CVE-2025-40668 | Medium | 6.5 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other user… |
| CVE-2025-40667 | Medium | 6.5 | 2025-05-26 | Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are… |