CNNVD-202601-1602 Information
CNNVD ID
CNNVD-202601-1602
Related CVE
- CNNVD Published: 2026-01-09
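Description (translated from Chinese)
GESTSUP is an application from the French company GESTSUP. It is 100% Web-based SUPport MANAGEMENT software that can manage tickets and equipment. GESTSUP 3.2.56 and earlier contain an SQL injection vulnerability. The vulnerability arises because multiple request parameters used to filter, search, or sort assets in the asset list feature are incorporated into SQL queries without sufficient neutralization, which may lead to SQL injection attacks.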
Description (English)
GESTSUP is an application from the French company GESTSUP. It is 100% Web-based SUPport MANAGEMENT software that can manage tickets and equipment. GESTSUP 3.2.56 and earlier versions have an SQL injection vulnerability, which stems from multiple request parameters in the asset list function, used for filtering, searching or sorting assets, being incorporated into the SQL query without sufficient neutralization, and which could lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL Injection
Affected Vendor
GESTSUP
Published
2026-01-09
Last Modified
2026-02-24
References
https://gestsup.fr/index.php?page=changelog
https://www.vulncheck.com/advisories/gestsup-multiple-sqli-in-asset-list
https://access.redhat.com/security/cve/cve-2026-22197
Patch
https://gestsup.fr/index.php?page=changelog