PT-2026-2170 · Gestsup · Gestsup

Geoffrey Robert

+2

·

Publicado

2026-01-09

·

Atualizado

2026-01-09

·

CVE-2026-22197

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56
Description GestSup versions up to and including 3.2.56 have multiple SQL injection flaws in the asset list functionality. Request parameters used to filter, search, or sort assets are included in SQL queries without proper sanitization. A successful attack by an authenticated user could lead to unauthorized access or modification of database contents, depending on database permissions.
Recommendations Update GestSup to a version newer than 3.2.56.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-22197

Produtos afetados

Gestsup