CVE-2026-22196

8.1 HIGH

📋 TL;DR

This SQL injection vulnerability in GestSup allows authenticated attackers to manipulate database queries during ticket creation. Attackers can potentially access or modify sensitive database contents depending on their privileges. All organizations using GestSup versions before 3.2.60 are affected.

💻 Affected Systems

Products:
  • GestSup
Versions: All versions prior to 3.2.60
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including exfiltration of all ticket data, user credentials, and system configuration, or complete database destruction.

🟠 Likely Case

Unauthorized access to ticket data, user information, and potential privilege escalation within the application.

🟢 If Mitigated

Limited impact due to the database user having minimal privileges, but still potential for data leakage from accessible tables.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized, and this one requires only authenticated access, which is often easy to obtain.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.60

Vendor Advisory: https://gestsup.fr/index.php?page=changelog

Restart Required: No

Instructions:

1. Backup your GestSup installation and database.
2. Download version 3.2.60 or later from the official GestSup website.
3. Follow the upgrade instructions in the GestSup documentation.
4. Verify the upgrade was successful by checking the version in the admin panel.

🔧 Temporary Workarounds

Input Validation Web Application Firewall (platform: all)

Implement WAF rules to detect and block SQL injection patterns in ticket creation requests.

Database User Privilege Reduction (platform: linux)

Restrict database user permissions to only the necessary operations:

REVOKE ALL PRIVILEGES ON gestsup.* FROM 'gestsup_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON gestsup.tickets TO 'gestsup_user'@'localhost';
-- Repeat the GRANT for every other table the application reads or writes (the table list
-- is not given here); a user that can reach only the tickets table will break the application.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in custom code
  • Restrict network access to GestSup to only trusted users and implement strong authentication controls

🔍 How to Verify

Check if Vulnerable:

Check GestSup version in admin panel or by examining the application files. Versions below 3.2.60 are vulnerable.

Check Version:

Check GestSup admin panel or examine version.php file in installation directory

Verify Fix Applied:

Confirm version is 3.2.60 or higher in admin panel and test ticket creation functionality with SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts followed by ticket creation
  • Ticket creation requests containing SQL keywords like UNION, SELECT, INSERT

Network Indicators:

  • HTTP POST requests to ticket creation endpoints containing SQL syntax
  • Unusual database query patterns from application server

SIEM Query:

source="gestsup_logs" AND ("SQL syntax" OR "UNION" OR "SELECT *" OR "INSERT INTO") AND uri="/ticket/create"
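The SIEM query above matches bare keywords, so a ticket whose text says "please select a new toner" would fire it. The following script is an added example (not GestSup's or the advisory's own code) that applies the same indicators to constructed sample log lines, but only alerts when an SQL phrase appears together with quote or comment syntax in a POST to the ticket creation endpoint; the `/ticket/create` path is an assumption taken from the SIEM query, and the log format is constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real GestSup logs). Requests are "METHOD PATH PARAMS STATUS";
# the last line imitates an application-log database error.
SAMPLE_LOGS = [
    "POST /ticket/create title=Printer+offline&desc=Please+select+a+new+toner 200",
    "POST /ticket/create title=x%27+UNION+SELECT+1%2C2%2C3--+&desc=test 500",
    "POST /ticket/create title=Insert+new+user+into+the+team&desc=ok 200",
    "POST /ticket/create title=t%27%3B+INSERT+INTO+t+VALUES%281%29--&desc= 500",
    "GET /ticket/view?id=42 200",
    "app: You have an error in your SQL syntax; check the manual that corresponds",
]

# Match SQL phrases rather than single words: "select" or "insert" alone is normal ticket text.
SQL_PHRASES = re.compile(
    r"\bUNION\s+(ALL\s+)?SELECT\b|\bSELECT\s+(\*|\w+)\s+FROM\b|\bINSERT\s+INTO\b|\bSELECT\s+\*",
    re.IGNORECASE,
)
# A keyword only changes a query when it is combined with quote, comment or statement syntax.
SQL_SYNTAX = re.compile(r"'|--|/\*|;")
TICKET_CREATE = "/ticket/create"  # assumed endpoint, taken from the advisory's SIEM query


def classify(line):
    """Return 'sql_error', 'suspicious', or None for one log line."""
    if "SQL syntax" in line:  # MySQL-style parse error surfacing in application logs
        return "sql_error"
    parts = line.split(" ", 3)
    if len(parts) < 4 or parts[0] != "POST" or not parts[1].startswith(TICKET_CREATE):
        return None
    params = unquote_plus(parts[2])  # decode %27, +, %2C before matching
    if SQL_PHRASES.search(params) and SQL_SYNTAX.search(params):
        return "suspicious"
    return None


def scan(lines):
    """Return (index, verdict) for every line worth alerting on."""
    return [(i, v) for i, line in enumerate(lines) if (v := classify(line))]


if __name__ == "__main__":
    for i, verdict in scan(SAMPLE_LOGS):
        print(f"line {i}: {verdict}: {SAMPLE_LOGS[i]}")
```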
