GestSup SQL Injection Vulnerability in Ticket Creation

Vulnerability

A SQL injection vulnerability has been identified in GestSup versions through 3.2.56. This issue arises in the ticket creation feature, where user input is directly included in SQL queries without proper sanitization. As a result, an authenticated attacker could manipulate database queries, potentially leading to unauthorized access to or modification of database information, depending on their database privileges.

Impact

Exploitation of this vulnerability allows for SQL injection, which could lead to unauthorized access to or modification of database contents.

Remediation

Users are advised to update to GestSup version 3.2.59 or later, where this vulnerability has been addressed.
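The version boundaries above can be checked against an asset inventory. The following is an added example, not code from GestSup or from this advisory; the host names and inventory are constructed, and reporting 3.2.57 and 3.2.58 as "unconfirmed" is an assumption made because the advisory names them neither as affected nor as fixed.

```python
import re

LAST_AFFECTED = (3, 2, 56)  # advisory: "versions through 3.2.56"
FIRST_FIXED = (3, 2, 59)    # advisory: "3.2.59 or later"

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    # Assumption: a missing patch component is read as 0, which errs towards "affected".
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version_text):
    """Map a reported GestSup version string to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"        # unparseable: needs a manual check
    if v <= LAST_AFFECTED:      # numeric compare, so 3.2.9 sorts below 3.2.56
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "unconfirmed"        # 3.2.57-3.2.58: status not stated in the advisory

def triage(inventory):
    """Group host names by status; inventory maps host -> reported version."""
    result = {"affected": [], "unconfirmed": [], "unknown": [], "fixed": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "helpdesk-a.example": "3.2.56",
    "helpdesk-b.example": "3.2.9",
    "helpdesk-c.example": "v3.2.58",
    "helpdesk-d.example": "3.2.59",
    "helpdesk-e.example": "latest",
}

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "affected", "unconfirmed" or "unknown" are the ones to schedule for the update to 3.2.59 or later.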

Added: Jan 9, 2026, 5:20 PM
Updated: Jan 9, 2026, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 5.0
exploitability: 5.4
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.