CVE-2026-24418

🗓️ 06 Feb 2026 18:06:47Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 9 Views🌐 WEB

CVE-2026-24418: OpenSTAManager pre-2.9.9 SQL injection in Scadenzario bulk ops via unvalidated id_records.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-24418	6 Feb 202618:06	–	attackerkb
Circl	CVE-2026-24418	6 Feb 202616:47	–	circl
CNNVD	OpenSTAManager SQL注入漏洞	6 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-24418 OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module	6 Feb 202618:06	–	cvelist
GithubExploit	Exploit for SQL Injection in Devcode Openstamanager	11 Apr 202619:14	–	githubexploit
EUVD	EUVD-2026-5632	6 Feb 202618:06	–	euvd
Github Security Blog	OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module	6 Feb 202618:24	–	github
NVD	CVE-2026-24418	6 Feb 202619:16	–	nvd
OSV	CVE-2026-24418 OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module	6 Feb 202618:06	–	osv
OSV	GHSA-4XWV-49C8-FVHQ OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module	6 Feb 202618:24	–	osv

NVD

Vulners

Node

devcode openstamanagerRange≤2.9.8

[
  {
    "vendor": "devcode-it",
    "product": "openstamanager",
    "versions": [
      {
        "version": "<= 2.9.8",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq

Parameter	Position	Path	Description	CWE
id_records[]	request body	/actions.php?id_module=18	Error-based SQL Injection in Scadenzario bulk operations via id_records array leading to IN(...) SQL injection	CWE-89

17 Jun 2026 10:23Current

6Medium risk

Vulners AI Score6

CVSS 3.16.5

CVSS 48.7

EPSS0.00356

SSVC

CWE-89