CNNVD-202601-1603 Information
Jan 09, 2026
cve
CNNVD ID
CNNVD-202601-1603
Related CVE
- CNNVD Published: 2026-01-09
Description (Chinese)
GESTSUP是法国GESTSUP公司的一个应用软件。是100%基于Web的SUPport MANAGEMENT软件,它可以管理票证和设备。 GESTSUP 3.2.56及之前版本存在SQL注入漏洞,该漏洞源于工单创建功能中用户控制的输入未充分中和即被纳入SQL查询,可能导致SQL注入攻击。
Description (English)
GESTSUP is an application of the French company GESTSUP. It’s 100% Web-based SUPport MANAGEMENT software that can manage tickets and equipment. GESTSUP 3.2.56 and previous versions had an SQL injection loophole, which stemmed from the inadequate integration of user-controlled inputs into SQL queries in the worksheet creation function, which could lead to an SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
GESTSUP
Published
2026-01-09
Last Modified
2026-02-24
References
https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-sqli-in-ticket-creation
Patch
https://gestsup.fr/index.php?page=changelog
Share on: