Lucene search
K

5 matches found

CVE
CVE
added 2026/02/06 6:10 p.m.17 views

CVE-2025-69216

OpenSTAManager (versions 2.9.8 and earlier) contains an authenticated SQL injection in the Scadenzario (Payment Schedule) print template. The flaw resides in templates/scadenzario/init.php where the id_anagrafica parameter is directly concatenated into an SQL query, bypassing sanitization. This e...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References1Affected Software1
Snyk
Snyk
added 2026/02/06 6:6 p.m.5 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idanagrafica parameter in the init.php file. An attacker can extract sensitive database information, including...

8.8CVSS6.1AI score0.00354EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2026/02/06 6:6 p.m.11 views

OpenSTAManager has a SQL Injection in Scadenzario Print Template

Summary An authenticated SQL Injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability enables...

8.7CVSS5.8AI score0.00354EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.11 views

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the idanagrafica parameter in the Scadenzario print template being...

8.7CVSS5.9AI score0.00354EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6769

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...

8.7CVSS5.6AI score0.00354EPSS
Exploits3References7
Rows per page
Query Builder