Devcode

Openstamanager

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-35470

Exploit
  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 17:40:32
  • Zuletzt bearbeitet 14.04.2026 19:58:01

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received vi...

8.8

CVE-2026-35168

Exploit
  • EPSS 0.08%
  • Veröffentlicht 02.04.2026 14:16:31
  • Zuletzt bearbeitet 07.04.2026 18:30:59

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database)...

7.2

CVE-2026-29782

Exploit
  • EPSS 0.11%
  • Veröffentlicht 02.04.2026 14:16:27
  • Zuletzt bearbeitet 07.04.2026 21:19:46

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth...

8.8

CVE-2026-28805

Exploit
  • EPSS 0.04%
  • Veröffentlicht 02.04.2026 14:16:26
  • Zuletzt bearbeitet 07.04.2026 21:17:55

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET para...

9.8

CVE-2026-27012

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.03.2026 22:16:28
  • Zuletzt bearbeitet 05.03.2026 18:19:03

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's gro...

6.1

CVE-2026-24415

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.03.2026 21:51:41
  • Zuletzt bearbeitet 05.03.2026 18:26:09

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly san...

6.5

CVE-2026-24419

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:15:58
  • Zuletzt bearbeitet 09.02.2026 21:55:03

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The app...

8.8

CVE-2025-69212

Exploit
  • EPSS 0.11%
  • Veröffentlicht 06.02.2026 18:12:38
  • Zuletzt bearbeitet 09.02.2026 21:54:21

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. An authenticated attacker can...

8.8

CVE-2025-69214

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:11:34
  • Zuletzt bearbeitet 09.02.2026 21:53:03

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker...

6.5

CVE-2025-69216

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.02.2026 18:10:33
  • Zuletzt bearbeitet 09.02.2026 21:50:16

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated...