cvelist/2025/40xxx/CVE-2025-40624.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2025-40624",
        "ASSIGNER": "cve-coordination@incibe.es",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier\u00a0\u2018User\u2019 and \u201cemail\u201d parameters of the \u2018updatePassword\u2019 endpoint."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "TCMAN",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "GIM",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "v11"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim",
                "refsource": "MISC",
                "name": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcmans-gim"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "The vulnerability has been fixed by the TCMAN team in version 1280.<br>"
                }
            ],
            "value": "The vulnerability has been fixed by the TCMAN team in version 1280."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Pablo Pardo"
        }
    ]
}