CVE-2025-40623
Severity CVSS v4.0:
CRITICAL
Type:
CWE-89
SQL Injection
Publication date:
06/05/2025
Last modified:
13/05/2025
Description
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and “email” parameters of the ‘createNotificationAndroid’ endpoint.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:tcman:gim:11.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page