5 matches found
CVE-2025-69216
OpenSTAManager (versions 2.9.8 and earlier) contains an authenticated SQL injection in the Scadenzario (Payment Schedule) print template. The flaw resides in templates/scadenzario/init.php where the id_anagrafica parameter is directly concatenated into an SQL query, bypassing sanitization. This e...
SQL Injection
Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...
OpenSTAManager has a SQL Injection in Scadenzario Print Template
Summary An authenticated SQL Injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability enables...
OpenSTAManager SQL注入漏洞
OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the idanagrafica parameter in the Scadenzario print template being...
PT-2026-6769
Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...