GestSup SQL Injection Vulnerability in Asset List Functionality

Vulnerability

A series of SQL injection vulnerabilities have been identified in GestSup versions up to and including 3.2.56. These vulnerabilities reside within the asset list feature, where several request parameters used for filtering, searching, or sorting assets are directly included in SQL queries without adequate sanitization. This oversight enables authenticated attackers to manipulate database queries, potentially leading to unauthorized access to or modification of database contents, depending on their database privileges.
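The flaw class described above, as an added example that is not GestSup's code: a list query built by string concatenation beside a version that binds filter and search values and maps sort options through an allowlist, since column names and sort direction cannot be bound as parameters. The table, columns, parameter names and sample rows are hypothetical and constructed for illustration, and SQLite stands in for the application's database.

```python
import sqlite3

# Hypothetical schema and parameter names; GestSup's real ones are not on the page.
SORTABLE = {"name": "name", "type": "type", "serial": "serial"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE asset (id INTEGER PRIMARY KEY, name TEXT, type TEXT, serial TEXT)")
    db.executemany(
        "INSERT INTO asset (name, type, serial) VALUES (?, ?, ?)",
        [("laptop-01", "laptop", "SN100"),
         ("laptop-02", "laptop", "SN200"),
         ("printer-01", "printer", "SN300")],
    )
    return db


def list_assets_unsafe(db, search, order):
    """The flawed pattern: request values concatenated into the SQL text."""
    sql = f"SELECT name FROM asset WHERE name LIKE '%{search}%' ORDER BY {order}"
    return [r[0] for r in db.execute(sql)]


def list_assets_safe(db, search="", type_filter=None, order="name", direction="asc"):
    """Bind values as parameters; map sort inputs through an allowlist."""
    # Identifiers and keywords cannot be bound, so only known-good ones are used.
    column = SORTABLE.get(order)
    way = DIRECTIONS.get(direction.lower())
    if column is None or way is None:
        raise ValueError("unsupported sort option")
    # Escape LIKE wildcards so the search term is matched literally.
    term = search.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM asset WHERE name LIKE ? ESCAPE '\\'"
    params = [f"%{term}%"]
    if type_filter is not None:
        sql += " AND type = ?"
        params.append(type_filter)
    sql += f" ORDER BY {column} {way}"
    return [r[0] for r in db.execute(sql, params)]
```

A search term containing a single quote changes the structure of the concatenated query and makes it fail to parse, while the bound version treats the same term as plain data and returns no rows.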

Impact

Exploitation of these vulnerabilities allows for SQL injection, which could lead to unauthorized access to or modification of database contents.

Added: Jan 9, 2026, 5:19 PM
Updated: Jan 9, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.3
exploitability: 5.4
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.