11 matches found
CVE-2026-24418
OpenSTAManager (v2.9.8 and earlier) contains a critical Error-Based SQL Injection in the Scadenzario bulk operations module. The vulnerability arises because the id_records[] array from POST to /actions.php?id_module=18 is not validated as integers before being concatenated into an SQL IN() claus...
CVE-2025-69214
OpenSTAManager (versions 2.9.8 and earlier) contains an SQL Injection in the ajax_select.php endpoint when handling the componenti operation. The vulnerability arises from directly concatenating user-supplied input from options[matricola] into an IN() clause in modules/impianti/ajax/select.php, e...
CVE-2026-28805
OpenSTAManager before v2.10.2 is vulnerable to Time-Based Blind SQL Injection via the options[stato] parameter in multiple AJAX endpoints (preventivi, ordini-cliente, contratti). The user-supplied value is read from $superselect['stato'] and concatenated into SQL WHERE clauses without sanitizatio...
CVE-2026-35470
OpenSTAManager
CVE-2026-35168
OpenSTAManager before version 2.10.2 exposes a vulnerability in the Aggiornamenti module (op=risolvi-conflitti-database). It accepts a JSON array of SQL statements via POST and executes them directly on the MySQL database without validation, allowlists, or sanitization, enabling an authenticated ...
CVE-2025-69216
OpenSTAManager (versions 2.9.8 and earlier) contains an authenticated SQL injection in the Scadenzario (Payment Schedule) print template. The flaw resides in templates/scadenzario/init.php where the id_anagrafica parameter is directly concatenated into an SQL query, bypassing sanitization. This e...
CVE-2026-24416
CVE-2026-24416 affects OpenSTAManager (v2.9.8 and earlier). A critical Time-Based Blind SQL Injection exists in the article pricing completion path, triggered via the GET parameter idarticolo in the /modules/articoli/ajax/complete.php endpoint. The root cause is an inconsistent query construction...
CVE-2026-24417
OpenSTAManager (v2.9.8 and earlier) contains a Time-Based Blind SQL Injection in the global search that concatenates the user-supplied term into SQL LIKE clauses across 10+ modules via /ajax_search.php. The vulnerability arises from direct string interpolation of $term in multiple module search.p...
CVE-2025-69213
CVE-2025-69213 affects OpenSTAManager prior to 2.10-beta, with a SQL Injection in the ajax_complete.php endpoint (get_sedi) that concatenates user input from the idanagrafica parameter into the SQL query. The vulnerability enables an authenticated attacker to inject SQL via idanagrafica, potentia...
CVE-2025-69215
OpenSTAManagerβs Stampe Module (version 2.9.8 and earlier) contains an SQL Injection in the Stampe actions.php handler (case 'update'): the POST parameter module is concatenated into an UPDATE query without proper sanitization, enabling error-based SQL injection via endpoints like POST /modules/s...
CVE-2026-24419
OpenSTAManager (v2.9.8 and earlier) contains a critical Error-Based SQL Injection in the Prima Nota (Journal Entry) module, via unsafely handling id_documenti from GET: values are split by comma and injected into an IN() clause without type validation. Technical details across multiple sources co...