CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Packet Storm•added 2026/04/13 12:0 a.m.•71 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...

8.8CVSS5.9AI score0.00423EPSS

Exploits3

GithubExploit•added 2026/04/11 7:13 p.m.•83 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxsel...

8.8CVSS6AI score0.00423EPSS

Exploits3

RedhatCVE•added 2026/02/07 7:30 p.m.•4 views

CVE-2025-69214

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...

8.8CVSS5.9AI score0.00423EPSS

Exploits3References1

NVD•added 2026/02/06 7:16 p.m.•7 views

CVE-2025-69214

8.8CVSS0.00423EPSS

Exploits3References1

Vulnrichment•added 2026/02/06 6:11 p.m.•3 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

8.7CVSS6.1AI score0.00423EPSS

Exploits3References1

ATTACKERKB•added 2026/02/06 6:11 p.m.•5 views

CVE-2025-69214

8.7CVSS5.9AI score0.00423EPSS

Exploits3References2Affected Software1

CVE•added 2026/02/06 6:11 p.m.•16 views

CVE-2025-69214

OpenSTAManager (versions 2.9.8 and earlier) contains an SQL Injection in the ajax_select.php endpoint when handling the componenti operation. The vulnerability arises from directly concatenating user-supplied input from options[matricola] into an IN() clause in modules/impianti/ajax/select.php, e...

8.8CVSS5.9AI score0.00423EPSS

Exploits3References1Affected Software1

Cvelist•added 2026/02/06 6:11 p.m.•30 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

8.7CVSS0.00423EPSS

Exploits3References1

OSV•added 2026/02/06 6:11 p.m.•5 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

8.7CVSS5.9AI score0.00423EPSS

Exploits3References3

OSV•added 2026/02/06 6:4 p.m.•4 views

GHSA-QJV8-63XQ-GQ8M OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

Summary A SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...

8.8CVSS5.9AI score0.00423EPSS

Exploits3References3

Snyk•added 2026/02/06 6:4 p.m.•2 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the ajaxselect.php page when handling the componenti operation. An attacker can access, extract, or modify database...

8.8CVSS5.9AI score0.00423EPSS

Exploits3References2

Github Security Blog•added 2026/02/06 6:4 p.m.•8 views

OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

8.8CVSS5.9AI score0.00423EPSS

Exploits3References3Affected Software1

Positive Technologies•added 2026/02/06 12:0 a.m.•5 views

PT-2026-6867

Summary A SQL Injection vulnerability exists in the ajax select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the optionsmatricola parameter. Proof of Concept Vulnerable Code File: modules/impianti/ajax/select.php:122-124 php...

8.7CVSS6AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by