Geoffrey Robert

**Nome do Software Vulnerável e Versões Afetadas** Versões do GestSup até e incluindo a 3.2.56 **Descrição** A aplicação não verifica a autenticidade das solicitações do cliente, levando a uma condição de falsificação de solicitação entre sites (CSRF). Um atacante pode potencialmente enganar um usuário autenticado para enviar solicitações maliciosas, permitindo que o atacante execute ações com as permissões do usuário. Especificamente, isso pode ser usado para criar contas privilegiadas visando o endpoint de criação de usuário administrativo ''/admin/createUser''. A função `createUser()` é vulnerável a este ataque. **Recomendações** Recomenda-se a utilização de versões anteriores à 3.2.56.

**Name of the Vulnerable Software and Affected Versions** GestSup versions up to and including 3.2.56 **Description** GestSup versions up to and including 3.2.56 contain a SQL injection issue in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. The vulnerable component is the search bar. The input to the search bar, controlled by the user, is directly used in SQL queries without proper sanitization. **Recommendations** Update GestSup to a version newer than 3.2.56.

**Name of the Vulnerable Software and Affected Versions** GestSup versions up to and including 3.2.56 **Description** GestSup versions up to and including 3.2.56 contain a SQL injection issue in the ticket creation functionality. User-controlled input during ticket creation is used in SQL queries without proper sanitization, potentially allowing an authenticated attacker to manipulate database queries. Successful exploitation could lead to unauthorized access or modification of database contents, depending on database privileges. **Recommendations** Update GestSup to a version newer than 3.2.56.

**Name of the Vulnerable Software and Affected Versions** GestSup versions up to and including 3.2.56 **Description** GestSup versions up to and including 3.2.56 have multiple SQL injection flaws in the asset list functionality. Request parameters used to filter, search, or sort assets are included in SQL queries without proper sanitization. A successful attack by an authenticated user could lead to unauthorized access or modification of database contents, depending on database permissions. **Recommendations** Update GestSup to a version newer than 3.2.56.

**Name of the Vulnerable Software and Affected Versions** GestSup versions up to and including 3.2.56 **Description** GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting (XSS) issue in the API error logging functionality. An unauthenticated attacker can inject attacker-controlled HTML/JavaScript into log entries by sending a crafted API request with a malicious `X-API-KEY` header value to the `/api/v1/ticket.php` endpoint. When an administrator views the affected logs in the web interface, the injected content is rendered without proper output encoding, leading to arbitrary script execution in the administrator’s browser session. **Recommendations** GestSup versions prior to 3.2.56 should be updated.