5 matches found
GHSA-3GW8-3MG3-JMPC: OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
Description: Multiple AJAX select handlers in OpenSTAManager <= 2.10.1 are vulnerable to Time-Based Blind SQL Injection through the `options[stato]` GET parameter. The user-supplied value is read from `$superselect['stato']` and concatenated directly into SQL WHERE clauses as a bare expression, without any...
OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
Description: Multiple AJAX select handlers in OpenSTAManager <= 2.10.1 are vulnerable to Time-Based Blind SQL Injection through the `options[stato]` GET parameter. The user-supplied value is read from `$superselect['stato']` and concatenated directly into SQL WHERE clauses as a bare expression, without any...
PT-2026-29657
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.10.2. Description: OpenSTAManager is vulnerable to Time-Based Blind SQL Injection through the `options[stato]` GET parameter in multiple AJAX select handlers. The user-supplied value from `options[stato]` is directly...
OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
Summary: Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...
PT-2026-6773
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier. Description: OpenSTAManager contains a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application does not properly sanitize the term parameter before usin...