CVE-2026-8297 PUBLISHED

SQLi in GIS Informatics' GisLab Laboratory Management System

Assigner: TR-CERT
Reserved: 11.05.2026 Published: 17.07.2026 Updated: 17.07.2026

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.

This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Product Status

Vendor Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc.
Product GisLab Laboratory Management System
Versions Default: unaffected
  • affected from 1.4.03 to 08072026 (incl.)

Credits

  • Mehmet Abdullah ADBAY finder

References

Problem Types

  • CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') CWE

Impacts

  • CAPEC-66 SQL Injection