PT-2026-2168 · Gestsup · Gestsup
Geoffrey Robert
+2
·
Published
2026-01-09
·
Updated
2026-01-09
·
CVE-2026-22195
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GestSup versions up to and including 3.2.56
Description
GestSup versions up to and including 3.2.56 contain a SQL injection issue in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. The vulnerable component is the search bar. The input to the search bar, controlled by the user, is directly used in SQL queries without proper sanitization.
Recommendations
Update GestSup to a version newer than 3.2.56.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gestsup