Skip to main content

Gislab Laboratory Management System

2 CVEs product

Monthly

CVE-2026-11763 MEDIUM This Month

Authorization bypass in GisLab Laboratory Management System (versions 1.4.03 through 08072026) allows an authenticated low-privileged user to access confidential data belonging to other users by manipulating user-controlled identifier keys in requests. The flaw (CWE-639, IDOR class) exposes high-confidentiality data without requiring elevated privileges or user interaction, over the network. No public exploit or CISA KEV listing has been identified at time of analysis; the vulnerability was disclosed by Turkey's national CERT (TR-CERT) via advisory TR-26-0573.

Authentication Bypass Gislab Laboratory Management System
NVD
CVSS 3.1
6.5
CVE-2026-8297 CRITICAL Act Now

SQL injection in GisLab Laboratory Management System (versions 1.4.03 through 08072026) allows remote unauthenticated attackers to inject arbitrary SQL commands via improperly neutralized special elements, per a TR-CERT advisory (TR-26-0573). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H, 9.8) indicates full compromise of the backend database with no authentication or user interaction. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

SQLi Gislab Laboratory Management System
NVD
CVSS 3.1
9.8
CVSS 6.5
MEDIUM This Month

Authorization bypass in GisLab Laboratory Management System (versions 1.4.03 through 08072026) allows an authenticated low-privileged user to access confidential data belonging to other users by manipulating user-controlled identifier keys in requests. The flaw (CWE-639, IDOR class) exposes high-confidentiality data without requiring elevated privileges or user interaction, over the network. No public exploit or CISA KEV listing has been identified at time of analysis; the vulnerability was disclosed by Turkey's national CERT (TR-CERT) via advisory TR-26-0573.

Authentication Bypass Gislab Laboratory Management System
NVD
CVSS 9.8
CRITICAL Act Now

SQL injection in GisLab Laboratory Management System (versions 1.4.03 through 08072026) allows remote unauthenticated attackers to inject arbitrary SQL commands via improperly neutralized special elements, per a TR-CERT advisory (TR-26-0573). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H, 9.8) indicates full compromise of the backend database with no authentication or user interaction. No public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

SQLi Gislab Laboratory Management System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy