5 matches found
📄 OpenSTAManager 2.9.8 Command Injection
OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...
Exploit for OS Command Injection in Devcode Openstamanager
CVE-2025-69212: OpenSTAManager has an OS Command Injection in...
CVE-2025-69212
OpenSTAManager (2.9.8 and earlier) is affected by a critical OS Command Injection in decoding P7M (signed XML) files. The root cause is that decodeP7M($file) passes user-controlled filenames directly into PHP’s exec() without proper sanitization, enabling an authenticated attacker to craft a ZIP ...
CVE-2025-69212 OpenSTAManager has an OS Command Injection in P7M File Processing
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...
GHSA-25FP-8W8P-MX36 OpenSTAManager has an OS Command Injection in P7M File Processing
Summary A critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a malicious filename to execute arbitrary system commands on the server. Vulnerable Code File:...