CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

GHSA-RM34-FG4M-39MW OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality

OpenSTAManager versions 2.10 and earlier contain an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality

OpenSTAManager versions 2.10 and earlier contain an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

Arbitrary File Upload

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to Arbitrary File Upload via the uploadmodules.php process. An attacker can upload arbitrary files by exploiting insufficient validation...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

PT-2026-36895

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.11 Description An arbitrary file upload issue exists in the module update functionality within the 'modules/aggiornamenti/upload modules.php' endpoint. Recommendations Update to a version later than 2.10...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

OpenSTAManager 代码问题漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.10 and earlier had code-related vulnerabilities, which stemmed from arbitrary file upload vulnerabilities in the module update function...

CVE-2026-38751

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

EUVD-2026-27086

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality modules/aggiornamenti/uploadmodules.php...

CVE-2026-38751

CVE-2026-38751 affects OpenSTAManager versions prior to 2.11 (2.10 and earlier) and is an arbitrary file upload vulnerability in the module update endpoint (modules/aggiornamenti/upload_modules.php). The Red Hat/NVD/CVE records, along with PT-Security and CVE enrichment sources, confirm a vulnera...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template. CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69216 | | Severity | HIGH | |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24419 | | Severity | HIGH | | Advisory | View...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...

📄 OpenSTAManager 2.9.8 SQL Injection / Denial of Service

OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the search functionality that can lead to a denial of service condition. CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service Overview | Field |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Stampe module. CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69215 | | Severity | HIGH | | Advisory | View Advisory...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...

📄 OpenSTAManager 2.9.8 Command Injection

OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...