4 matches found
CVE-2026-29782
CVE-2026-29782 describes an unauthenticated deserialization vulnerability in the OAuth2 flow of OpenSTAManager. The oauth2.php endpoint reads and deserializes the access_token field from zz_oauth2 without class restrictions, enabling an attacker who can modify the database (e.g., via another vulnera...
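The pattern behind this entry, unrestricted unserialize() of a database column, beside two hardened forms, as an added example that is not OpenSTAManager's own code. It assumes a PDO handle, that zz_oauth2.access_token holds the serialized token as the advisory states, and a hypothetical `id` key column; the function names are illustrative.

```php
<?php
// Added example (not OpenSTAManager code). Assumes a PDO handle and that
// zz_oauth2.access_token holds a serialized token; the `id` key column and
// the function names are hypothetical.

/** Rejects any object anywhere in the decoded value, including the
 *  __PHP_Incomplete_Class stubs that allowed_classes => false produces. */
function containsObject($value): bool
{
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

function fetchRawToken(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT access_token FROM zz_oauth2 WHERE id = ?');
    $stmt->execute([$id]);
    $raw = $stmt->fetchColumn();
    return $raw === false ? null : (string) $raw;
}

// Unsafe pattern described by the advisory: unserialize() with no class
// restriction reconstructs whatever object graph is stored in the column, so
// anyone who can write to zz_oauth2 can drive __wakeup()/__destruct() gadgets.
function loadTokenUnsafe(PDO $pdo, int $id)
{
    $raw = fetchRawToken($pdo, $id);
    return $raw === null ? null : unserialize($raw);
}

// Hardened: forbid every class. Objects in the payload come back as inert
// __PHP_Incomplete_Class stubs, and the result is rejected unless it is
// plain array/scalar data.
function loadTokenSafe(PDO $pdo, int $id): ?array
{
    $raw = fetchRawToken($pdo, $id);
    if ($raw === null) {
        return null;
    }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || containsObject($data)) {
        return null;
    }
    return $data;
}

// Better still: store the token as JSON, a format that cannot encode
// instances of application classes at all.
function storeTokenJson(PDO $pdo, int $id, array $token): void
{
    $stmt = $pdo->prepare('UPDATE zz_oauth2 SET access_token = ? WHERE id = ?');
    $stmt->execute([json_encode($token, JSON_THROW_ON_ERROR), $id]);
}

function loadTokenJson(PDO $pdo, int $id): ?array
{
    $raw = fetchRawToken($pdo, $id);
    if ($raw === null) {
        return null;
    }
    $data = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}
```

The allowed_classes restriction closes the gadget path but still leaves unserialize() parsing attacker-controlled bytes; switching the column to JSON removes that parser from the trust boundary entirely, which is why the JSON pair is the preferred fix.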
CVE-2026-28805
OpenSTAManager before v2.10.2 is vulnerable to Time-Based Blind SQL Injection via the options[stato] parameter in multiple AJAX endpoints (preventivi, ordini-cliente, contratti). The user-supplied value is read from $superselect['stato'] and concatenated into SQL WHERE clauses without sanitizatio...
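The concatenation the advisory describes beside a parameterised, allowlisted version, as an added example that is not OpenSTAManager's own code. It assumes a PDO handle, hypothetical table and column names (`co_preventivi`, `idstato`, `co_statipreventivi`), and that `$superselect` is the decoded options[] array the advisory refers to.

```php
<?php
// Added example (not OpenSTAManager code). Assumes a PDO handle and the
// hypothetical names co_preventivi / idstato / co_statipreventivi;
// $superselect is the decoded options[] array from the request.

// Vulnerable shape named in the advisory: the value is concatenated into the
// WHERE clause, so a value containing a SLEEP() expression is evaluated as
// SQL and its only visible effect is the response delay (time-based blind).
function buildWhereUnsafe(array $superselect): string
{
    $where = '1=1';
    if (!empty($superselect['stato'])) {
        $where .= " AND idstato = '" . $superselect['stato'] . "'";
    }
    return $where;
}

// $knownStates must come from the server, never from the request.
// Hypothetical loader; values are normalised to strings for strict in_array().
function loadKnownStates(PDO $pdo): array
{
    $ids = $pdo->query('SELECT id FROM co_statipreventivi')->fetchAll(PDO::FETCH_COLUMN);
    return array_map('strval', $ids);
}

// Hardened: the value is validated against the states the server knows and
// then bound as a parameter, so it can only ever be compared, never parsed.
function fetchByState(PDO $pdo, array $superselect, array $knownStates): array
{
    $sql = 'SELECT id, numero FROM co_preventivi WHERE 1=1';
    $params = [];

    if (isset($superselect['stato']) && $superselect['stato'] !== '') {
        $stato = $superselect['stato'];
        // options[stato][]=... arrives as an array; never stringify it blindly.
        if (!is_scalar($stato) || !in_array((string) $stato, $knownStates, true)) {
            throw new InvalidArgumentException('stato is not a known state');
        }
        $sql .= ' AND idstato = :stato';
        $params[':stato'] = (string) $stato;
    }

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

Binding alone already defeats the injection; the allowlist is the extra check worth having because it also rejects the array-typed and empty-string inputs that PHP's request parsing lets through, and it makes an unexpected value fail loudly instead of silently matching nothing.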
CVE-2026-35470
OpenSTAManager
CVE-2026-35168
OpenSTAManager before version 2.10.2 exposes a vulnerability in the Aggiornamenti module (op=risolvi-conflitti-database). It accepts a JSON array of SQL statements via POST and executes them directly on the MySQL database without validation, allowlists, or sanitization, enabling an authenticated ...
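The handler shape the advisory describes (a JSON array of statements executed verbatim) beside a version in which the client can only name server-defined resolutions, as an added example that is not OpenSTAManager's own code. It assumes a PDO handle; the resolution names and the statements in the map are hypothetical placeholders.

```php
<?php
// Added example (not OpenSTAManager code). Assumes a PDO handle; the
// resolution names and statements in CONFLICT_RESOLUTIONS are placeholders.

// Shape described by the advisory: the client posts a JSON array of SQL
// statements and each one is executed as-is. An authorization check alone does
// not fix this; any account allowed to reach the endpoint controls the schema.
function resolveConflictsUnsafe(PDO $pdo, string $jsonBody): void
{
    $statements = json_decode($jsonBody, true);
    foreach ((array) $statements as $sql) {
        $pdo->exec($sql);
    }
}

// Hardened: the statements live in code, the request carries identifiers, and
// nothing from the request is ever interpreted as SQL.
const CONFLICT_RESOLUTIONS = [
    'example_add_missing_index' => 'ALTER TABLE example_table ADD INDEX idx_example (example_column)',
    'example_drop_stale_column' => 'ALTER TABLE example_table DROP COLUMN stale_column',
];

function resolveConflictsSafe(PDO $pdo, string $jsonBody, bool $callerIsAdmin): int
{
    if (!$callerIsAdmin) {
        throw new RuntimeException('not authorized');
    }
    $requested = json_decode($jsonBody, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($requested)) {
        throw new InvalidArgumentException('expected a JSON array of resolution names');
    }

    // Resolve every name before executing anything: MySQL DDL commits
    // implicitly, so a transaction cannot undo a half-applied plan.
    $plan = [];
    foreach ($requested as $name) {
        if (!is_string($name) || !array_key_exists($name, CONFLICT_RESOLUTIONS)) {
            throw new InvalidArgumentException('unknown resolution: ' . var_export($name, true));
        }
        $plan[] = CONFLICT_RESOLUTIONS[$name];
    }

    $applied = 0;
    foreach ($plan as $sql) {
        $pdo->exec($sql);
        $applied++;
    }
    return $applied;
}
```

The point of the map is that the set of possible schema changes is fixed at deploy time and reviewable in source; the request can select among them but cannot extend it.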