GHSA-3GW8-3MG3-JMPC OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
Description Multiple AJAX select handlers in OpenSTAManager = 2.10.1 are vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter. The user-supplied value is read from $superselect'stato' and concatenated directly into SQL WHERE clauses as a bare expression, without any...