CNNVD-202601-1601 Information
Jan 09, 2026
cve
CNNVD ID
CNNVD-202601-1601
Related CVE
- CNNVD Published: 2026-01-09
Description (Chinese)
GESTSUP是法国GESTSUP公司的一个应用软件。是100%基于Web的SUPport MANAGEMENT软件,它可以管理票证和设备。 GESTSUP 3.2.56及之前版本存在SQL注入漏洞,该漏洞源于搜索栏功能中用户控制的搜索输入未充分中和即被纳入SQL查询,可能导致SQL注入攻击。
Description (English)
GESTSUP is an application of the French company GESTSUP. It’s 100% Web-based SUPport MANAGEMENT software that can manage tickets and equipment. GESTSUP 3.2.56 and previous versions have an SQL injection loophole, which stems from the fact that user-controlled search input in the search column function is not sufficiently integrated into SQL queries and may lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
GESTSUP
Published
2026-01-09
Last Modified
2026-02-24
References
https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-sqli-in-search-bar
Patch
https://gestsup.fr/index.php?page=changelog
Share on: