exploitDog

CVE-2025-40620

Опубликовано: 06 мая 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tcman:gim:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-647j-x872-mcw4

CVSS3: 9.8

github

9 месяцев назад

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint.

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89