Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/06 6:11 p.m.23 views

CVE-2025-69214

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...

8.7CVSS5.9AI score0.00423EPSS
Exploits3References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 6:11 p.m.3 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...

8.7CVSS6.1AI score0.00423EPSS
Exploits3References1
CVE
CVE
added 2026/02/06 6:11 p.m.26 views

CVE-2025-69214

OpenSTAManager (versions 2.9.8 and earlier) contains an SQL Injection in the ajax_select.php endpoint when handling the componenti operation. The vulnerability arises from directly concatenating user-supplied input from options[matricola] into an IN() clause in modules/impianti/ajax/select.php, e...

8.8CVSS5.9AI score0.00423EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2026/02/06 6:11 p.m.7 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajaxselect.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...

8.7CVSS5.9AI score0.00423EPSS
Exploits3References3
Snyk
Snyk
added 2026/02/06 6:4 p.m.3 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the ajaxselect.php page when handling the componenti operation. An attacker can access, extract, or modify database...

8.8CVSS5.9AI score0.00423EPSS
Exploits3References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.17 views

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the ajaxselect.php endpoint during componenti operations, allowing...

8.8CVSS5.9AI score0.00423EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.3 views

PT-2026-6768

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to a SQL Injection issue within the ajax select.php endpoint when processing the componenti operation. An authenticated attacker can inject malicious SQL code...

8.7CVSS6AI score0.00423EPSS
Exploits3References7
Rows per page
Query Builder