SQL Injection Vulnerability in TCMAN GIM v8.0.1 via 'SqlWhere' Parameter in 'BuscarESM' Function

SQL Injection Vulnerability in TCMAN GIM v8.0.1 via 'SqlWhere' Parameter in 'BuscarESM' Function

CVE-2022-36276 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.