Tcman Gim
24 CVEs affecting Tcman Gim. Latest disclosed: 2025-12-02. Critical: 12, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-40850 | Critical | 10.0 | 2021-12-17 | TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. |
| CVE-2022-36276 | Critical | 9.9 | 2023-10-04 | TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might al… |
| CVE-2025-41013 | Critical | 9.8 | 2025-12-02 | SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by se… |
| CVE-2025-40666 | Critical | 9.8 | 2025-05-26 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID par… |
| CVE-2025-40665 | Critical | 9.8 | 2025-05-26 | Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID par… |
| CVE-2025-40625 | Critical | 9.8 | 2025-05-06 | Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file… |
| CVE-2025-40624 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40623 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40622 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40621 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40620 | Critical | 9.8 | 2025-05-06 | SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information… |
| CVE-2025-40664 | Critical | 9.1 | 2025-05-26 | Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestio… |
| CVE-2025-40670 | High | 8.8 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by… |
| CVE-2025-41015 | High | 7.5 | 2025-12-02 | User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on t… |
| CVE-2025-41014 | High | 7.5 | 2025-12-02 | User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on t… |
| CVE-2021-40851 | High | 7.5 | 2021-12-17 | TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability mi… |
| CVE-2021-40853 | High | 7.2 | 2021-12-17 | TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL… |
| CVE-2025-40669 | Medium | 6.5 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the appl… |
| CVE-2025-40668 | Medium | 6.5 | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other user… |
| CVE-2025-40667 | Medium | 6.5 | 2025-05-26 | Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are… |