Devcode

Openstamanager

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-24419

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.02.2026 18:15:58
  • Zuletzt bearbeitet 09.02.2026 21:55:03

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The app...

8.8

CVE-2025-69212

Exploit
  • EPSS 0.1%
  • Veröffentlicht 06.02.2026 18:12:38
  • Zuletzt bearbeitet 09.02.2026 21:54:21

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can...

8.8

CVE-2025-69214

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:11:34
  • Zuletzt bearbeitet 09.02.2026 21:53:03

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker...

6.5

CVE-2025-69216

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:10:33
  • Zuletzt bearbeitet 09.02.2026 21:50:16

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated...

6.5

CVE-2026-24416

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:08:44
  • Zuletzt bearbeitet 09.02.2026 21:44:51

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the article pricing completion handler. The application ...

6.5

CVE-2026-24417

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:07:52
  • Zuletzt bearbeitet 09.02.2026 21:43:49

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails t...

6.5

CVE-2026-24418

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:06:47
  • Zuletzt bearbeitet 09.02.2026 21:42:38

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Sche...

8.8

CVE-2025-69215

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.02.2026 17:42:31
  • Zuletzt bearbeitet 18.02.2026 15:16:10

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.

8.8

CVE-2025-69213

Exploit
  • EPSS 0.03%
  • Veröffentlicht 04.02.2026 17:42:28
  • Zuletzt bearbeitet 18.02.2026 15:16:41

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated att...

6.1

CVE-2023-38878

Exploit
  • EPSS 0.07%
  • Veröffentlicht 11.09.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:14:20

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and ...