CNNVD-202601-1604 Information
CNNVD ID
CNNVD-202601-1604
Related CVE
- CNNVD Published: 2026-01-09
Description (Chinese)
GESTSUP是法国GESTSUP公司的一个应用软件。是100%基于Web的SUPport MANAGEMENT软件,它可以管理票证和设备。 GESTSUP 3.2.56及之前版本存在跨站请求伪造漏洞,该漏洞源于应用程序未验证客户端请求的真实性,可能导致跨站请求伪造攻击,从而以受害者权限执行操作。
Description (English)
GESTSUP is an application of the French company GESTSUP. It’s 100% Web-based SUPport MANAGEMENT software that can manage tickets and equipment. GESTSUP 3.2.56 and earlier versions had a false loophole in cross-site requests, which stemmed from the application ’ s failure to verify the authenticity of client requests, which could lead to cross-site requests for false attacks, thus operating under the victim ’ s authority.
Hazard Level
Medium
Vulnerability Type
跨站请求伪造
Affected Vendor
GESTSUP
Published
2026-01-09
Last Modified
2026-02-24
References
https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions https://access.redhat.com/security/cve/cve-2026-22194
Patch
https://gestsup.fr/index.php?page=changelog
Share on: