CVE-2026-22195

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges.

Vulnerability Details

Published Date

January 09, 2026

Last Modified

January 14, 2026

CWE ID

CWE-89

Source

NVD

Vendor

gestsup

Product

gestsup

External References

https://gestsup.fr/index.php?page=changelog
https://www.vulncheck.com/advisories/gestsup-sqli-in-search-bar

CVE-2026-22195

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment