QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-22197

Back to search

CVE-2026-22197

Published: Jan 9, 2026

Modified: Mar 5, 2026

PUBLISHED

Description

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

VendorProductVersions

GestSup

GestSup

affected
0 - < 3.2.60

Weaknesses (CWE)

CWE-89

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now