
15 matches found

Packet Storm
added 2026/04/13 12:0 a.m. | 70 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...

CVSS 8.7 | AI score 5.9 | EPSS 0.00366
Exploits: 3

GithubExploit
added 2026/04/11 7:14 p.m. | 79 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Inje...

CVSS 8.7 | AI score 6 | EPSS 0.00366
Exploits: 3

RedhatCVE
added 2026/02/07 7:30 p.m. | 1 view

CVE-2026-24416

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | AI score 5.9 | EPSS 0.00366
Exploits: 3 | References: 1

NVD
added 2026/02/06 7:16 p.m. | 3 views

CVE-2026-24416

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | EPSS 0.00366
Exploits: 3 | References: 1

Snyk
added 2026/02/06 6:19 p.m. | 4 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idarticolo parameter in the article pricing module's completion handler. An attacker can extract sensitive databa...

CVSS 9.9 | AI score 6.1 | EPSS 0.00366
Exploits: 3 | References: 2

Github Security Blog
added 2026/02/06 6:19 p.m. | 7 views

OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

CVSS 8.7 | AI score 6 | EPSS 0.00366
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2026/02/06 6:19 p.m. | 2 views

GHSA-P864-FQGV-92Q4 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

CVSS 8.7 | AI score 6.1 | EPSS 0.00366
Exploits: 3 | References: 3

CVE
added 2026/02/06 6:8 p.m. | 10 views

CVE-2026-24416

CVE-2026-24416 affects OpenSTAManager (v2.9.8 and earlier). A critical Time-Based Blind SQL Injection exists in the article pricing completion path, triggered via the GET parameter idarticolo in the /modules/articoli/ajax/complete.php endpoint. The root cause is an inconsistent query construction...

CVSS 8.7 | AI score 6 | EPSS 0.00366
Exploits: 3 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/06 6:8 p.m. | 27 views

CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | EPSS 0.00366
Exploits: 3 | References: 1

Vulnrichment
added 2026/02/06 6:8 p.m. | 2 views

CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | AI score 6.3 | EPSS 0.00366
Exploits: 3 | References: 1

EUVD
added 2026/02/06 6:8 p.m. | 5 views

EUVD-2026-5641

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | AI score 5.9 | EPSS 0.00366
Exploits: 3 | References: 1

OSV
added 2026/02/06 6:8 p.m. | 3 views

CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application fails to properly sanitize the idarticolo...

CVSS 8.7 | AI score 6 | EPSS 0.00366
Exploits: 3 | References: 3

Positive Technologies
added 2026/02/06 12:0 a.m. | 5 views

PT-2026-6772

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager contains a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application does not properly sanitize the idarticolo paramete...

CVSS 8.7 | AI score 6.3 | EPSS 0.00366
Exploits: 3 | References: 7

CNNVD
added 2026/02/06 12:0 a.m. | 3 views

OpenSTAManager SQL Injection Vulnerability

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from improper cleaning of the idarticolo parameter in the article pricing...

CVSS 8.7 | AI score 5.9 | EPSS 0.00366
Exploits: 3 | References: 1

Openbugbounty
added 2018/03/07 9:54 a.m. | 8 views

donationitalia.org XSS vulnerability

Open Bug Bounty ID: OBB-575588 Description| Value ---|--- Affected Website:| donationitalia.org Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

AI score 6.4
Exploits: 0