CVE-2026-22197

UNKNOWN 0.0

GestSup < 3.2.60 Multiple SQL Injections in Asset List

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

CWE	CWE-89
Vendor	gestsup
Product	gestsup
Published	Jan 9, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for gestsup gestsup

Be the first to know when new unknown vulnerabilities affecting gestsup gestsup are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

GestSup / GestSup

0 < 3.2.60

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gestsup.fr: https://gestsup.fr/index.php?page=changelog vulncheck.com: https://www.vulncheck.com/advisories/gestsup-multiple-sqli-in-asset-list

Credits

Geoffrey Robert and Valentin Holubec of Akailabs VulnCheck