Devcode

Openstamanager

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-38751

  • EPSS 0.37%
  • Veröffentlicht 04.05.2026 00:00:00
  • Zuletzt bearbeitet 29.05.2026 14:41:34

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)

8.8

CVE-2026-35470

Exploit
  • EPSS 0.42%
  • Veröffentlicht 06.04.2026 17:40:32
  • Zuletzt bearbeitet 14.04.2026 19:58:01

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received vi...

8.8

CVE-2026-35168

Exploit
  • EPSS 0.67%
  • Veröffentlicht 02.04.2026 14:16:31
  • Zuletzt bearbeitet 07.04.2026 18:30:59

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database)...

7.2

CVE-2026-29782

Exploit
  • EPSS 0.57%
  • Veröffentlicht 02.04.2026 14:16:27
  • Zuletzt bearbeitet 07.04.2026 21:19:46

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth...

8.8

CVE-2026-28805

Exploit
  • EPSS 0.46%
  • Veröffentlicht 02.04.2026 14:16:26
  • Zuletzt bearbeitet 07.04.2026 21:17:55

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET para...

9.8

CVE-2026-27012

Exploit
  • EPSS 0.54%
  • Veröffentlicht 03.03.2026 22:16:28
  • Zuletzt bearbeitet 05.03.2026 18:19:03

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's gro...

6.1

CVE-2026-24415

Exploit
  • EPSS 0.25%
  • Veröffentlicht 03.03.2026 21:51:41
  • Zuletzt bearbeitet 05.03.2026 18:26:09

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly san...

6.5

CVE-2026-24419

Exploit
  • EPSS 0.34%
  • Veröffentlicht 06.02.2026 18:15:58
  • Zuletzt bearbeitet 09.02.2026 21:55:03

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The app...

8.8

CVE-2025-69212

Exploit
  • EPSS 1.76%
  • Veröffentlicht 06.02.2026 18:12:38
  • Zuletzt bearbeitet 09.02.2026 21:54:21

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can...

8.8

CVE-2025-69214

Exploit
  • EPSS 0.42%
  • Veröffentlicht 06.02.2026 18:11:34
  • Zuletzt bearbeitet 09.02.2026 21:53:03

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker...