82316 matches found
CVE-2025-69216 OpenSTAManager has an SQL Injection in Scadenzario Print Template
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database...
CVE-2025-69216
OpenSTAManager (versions 2.9.8 and earlier) contains an authenticated SQL injection in the Scadenzario (Payment Schedule) print template. The flaw resides in templates/scadenzario/init.php where the id_anagrafica parameter is directly concatenated into an SQL query, bypassing sanitization. This e...
EUVD-2026-5624
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...
CVE-2026-24418 OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario Payment Schedule module. The application fails to validate...
CVE-2026-24418
OpenSTAManager (v2.9.8 and earlier) contains a critical Error-Based SQL Injection in the Scadenzario bulk operations module. The vulnerability arises because the id_records[] array from POST to /actions.php?id_module=18 is not validated as integers before being concatenated into an SQL IN() claus...
OpenSTAManager has a SQL Injection in Scadenzario Print Template
Summary: An authenticated SQL Injection vulnerability in OpenSTAManager's Scadenzario Payment Schedule print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability enables...
CVE-2026-24419
OpenSTAManager (v2.9.8 and earlier) contains a critical Error-Based SQL Injection in the Prima Nota (Journal Entry) module, via unsafely handling id_documenti from GET: values are split by comma and injected into an IN() clause without type validation. Technical details across multiple sources co...
SQL Injection
Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the ajaxselect.php page when handling the componenti operation. An attacker can access, extract, or modify database...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...
CVE-2026-2060
A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the...
CVE-2026-2060 code-projects Simple Blood Donor Management System editcampaignform.php sql injection
A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the...
CVE-2026-2103
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2019-25303
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...
CVE-2019-25300
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...
CVE-2019-25301
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in addcommentsql.php to execute arbitrar...
CVE-2019-25298
html5snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through RouterID and RouterIP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by...
CVE-2026-2059 SourceCodester Medical Center Portal Management System emp_edit1.php sql injection
A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /empedit1.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publ...