5 matches found

OSV
added 2026/04/03 3:47 a.m. | 1 view

GHSA-2FR7-CC4F-WH98 OpenSTAManager: SQL Injection via Aggiornamenti Module

Description: The Aggiornamenti (Updates) module in OpenSTAManager query('SET FOREIGN_KEY_CHECKS=0'); // Line 69: FK checks DISABLED $errors = []; $executed = 0; foreach ($queries as $query) { try { $dbo->query($query); // Line 76: DIRECT EXECUTION ++$executed; } catch (Exception $e) { $errors[] = $query.' - '.$e->getMessag...

CVSS 8.8 | AI score 6.4 | EPSS 0.00668
Exploits: 1 | References: 5
Github Security Blog
added 2026/04/03 3:47 a.m. | 11 views

OpenSTAManager: SQL Injection via Aggiornamenti Module

Description: The Aggiornamenti (Updates) module in OpenSTAManager query('SET FOREIGN_KEY_CHECKS=0'); // Line 69: FK checks DISABLED $errors = []; $executed = 0; foreach ($queries as $query) { try { $dbo->query($query); // Line 76: DIRECT EXECUTION ++$executed; } catch (Exception $e) { $errors[] = $query.' - '.$e->getMessag...

CVSS 8.8 | AI score 6.5 | EPSS 0.00668
Exploits: 1 | References: 5 | Affected Software: 1
Snyk
added 2026/04/02 4:30 p.m. | 0 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection in the Aggiornamenti module's database conflict resolution process. An attacker can execute arbitrary SQL statements by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00668
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/02 1:48 p.m. | 1 view

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...

CVSS 8.8 | AI score 6.2 | EPSS 0.00668
Exploits: 1 | References: 3
Cvelist
added 2026/04/02 1:48 p.m. | 15 views

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...

CVSS 8.8 | EPSS 0.00668
Exploits: 1 | References: 3