Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for GisLab Laboratory Management System by Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.

    CVE-2026-8297 (GCVE-0-2026-8297)

    Vulnerability from nvd – Published: 2026-07-17 15:50 – Updated: 2026-07-17 16:38
    VLAI
    Title
    SQLi in GIS Informatics' GisLab Laboratory Management System
    Summary
    Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    References
    Date Public
    2026-07-17 15:45
    Credits
    Mehmet Abdullah ADBAY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:38:15.234899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:38:29.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GisLab Laboratory Management System",
              "vendor": "Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "08072026",
                  "status": "affected",
                  "version": "1.4.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mehmet Abdullah ADBAY"
            }
          ],
          "datePublic": "2026-07-17T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026amp;D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.\u003cp\u003eThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:50:01.404Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573"
            }
          ],
          "source": {
            "advisory": "TR-26-0573",
            "defect": [
              "TR-26-0573"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SQLi in GIS Informatics\u0027 GisLab Laboratory Management System",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-8297",
        "datePublished": "2026-07-17T15:50:01.404Z",
        "dateReserved": "2026-05-11T10:29:13.254Z",
        "dateUpdated": "2026-07-17T16:38:29.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11763 (GCVE-0-2026-11763)

    Vulnerability from nvd – Published: 2026-07-17 15:56 – Updated: 2026-07-17 16:39
    VLAI
    Title
    IDOR in GIS Informatics' GisLab Laboratory Management System
    Summary
    Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization bypass through User-Controlled key
    Assigner
    References
    Date Public
    2026-07-17 15:53
    Credits
    Mehmet Abdullah ADBAY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:39:31.818762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:39:42.440Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GisLab Laboratory Management System",
              "vendor": "Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "08072026",
                  "status": "affected",
                  "version": "1.4.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mehmet Abdullah ADBAY"
            }
          ],
          "datePublic": "2026-07-17T15:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026amp;D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.\u003c/p\u003e"
                }
              ],
              "value": "Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-21",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-21 Exploitation of Trusted Identifiers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization bypass through User-Controlled key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:56:52.030Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573"
            }
          ],
          "source": {
            "advisory": "TR-26-0573",
            "defect": [
              "TR-26-0573"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in GIS Informatics\u0027 GisLab Laboratory Management System",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11763",
        "datePublished": "2026-07-17T15:56:52.030Z",
        "dateReserved": "2026-06-09T07:40:39.402Z",
        "dateUpdated": "2026-07-17T16:39:42.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11763 (GCVE-0-2026-11763)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:56 – Updated: 2026-07-17 16:39
    VLAI
    Title
    IDOR in GIS Informatics' GisLab Laboratory Management System
    Summary
    Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization bypass through User-Controlled key
    Assigner
    References
    Date Public
    2026-07-17 15:53
    Credits
    Mehmet Abdullah ADBAY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:39:31.818762Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:39:42.440Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GisLab Laboratory Management System",
              "vendor": "Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "08072026",
                  "status": "affected",
                  "version": "1.4.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mehmet Abdullah ADBAY"
            }
          ],
          "datePublic": "2026-07-17T15:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026amp;D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers.\u003cp\u003eThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.\u003c/p\u003e"
                }
              ],
              "value": "Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-21",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-21 Exploitation of Trusted Identifiers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization bypass through User-Controlled key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:56:52.030Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573"
            }
          ],
          "source": {
            "advisory": "TR-26-0573",
            "defect": [
              "TR-26-0573"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "IDOR in GIS Informatics\u0027 GisLab Laboratory Management System",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-11763",
        "datePublished": "2026-07-17T15:56:52.030Z",
        "dateReserved": "2026-06-09T07:40:39.402Z",
        "dateUpdated": "2026-07-17T16:39:42.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8297 (GCVE-0-2026-8297)

    Vulnerability from cvelistv5 – Published: 2026-07-17 15:50 – Updated: 2026-07-17 16:38
    VLAI
    Title
    SQLi in GIS Informatics' GisLab Laboratory Management System
    Summary
    Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    References
    Date Public
    2026-07-17 15:45
    Credits
    Mehmet Abdullah ADBAY
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-17T16:38:15.234899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-17T16:38:29.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GisLab Laboratory Management System",
              "vendor": "Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "08072026",
                  "status": "affected",
                  "version": "1.4.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mehmet Abdullah ADBAY"
            }
          ],
          "datePublic": "2026-07-17T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026amp;D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.\u003cp\u003eThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027) vulnerability in Gis Informatics Engineering Consulting Laboratory R\u0026D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.\n\nThis issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-17T15:50:01.404Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0573"
            }
          ],
          "source": {
            "advisory": "TR-26-0573",
            "defect": [
              "TR-26-0573"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "SQLi in GIS Informatics\u0027 GisLab Laboratory Management System",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2026-8297",
        "datePublished": "2026-07-17T15:50:01.404Z",
        "dateReserved": "2026-05-11T10:29:13.254Z",
        "dateUpdated": "2026-07-17T16:38:29.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }