CVE 7.5 HIGH

GestSup <= 3.2.56 Multiple SQL Injections in Asset List_CVE-2026-22197

January 9, 2026 invoker category_cve
7.5 / 10
HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

GestSup versions up to and including 3.2.56 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

Basic Information

ID CVE-2026-22197
Source VulnCheck
Published Jan 9, 2026 at 16:18

Affected Product

Vendor GestSup
Product GestSup
Affected Versions GestSup GestSup 0

CWE Classification

CWE-89

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.