openstamanager — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in openstamanager, with AI-generated Chinese analysis, references, and POCs.

Vendor: devcode-it

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35470 | OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals (CWE-89) | 8.8 | High | 2026-04-06 |
| CVE-2026-35168 | OpenSTAManager: SQL Injection via Aggiornamenti Module (CWE-89) | 8.8 | High | 2026-04-02 |
| CVE-2026-28805 | OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter (CWE-89) | 8.8 | High | 2026-04-02 |
| CVE-2026-29782 | OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 (CWE-502) | 7.2 | High | 2026-04-02 |
| CVE-2026-27012 | Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php (CWE-306) | 9.8 | Critical | 2026-03-03 |
| CVE-2026-24415 | OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2025-69212 | OpenSTAManager has an OS Command Injection in P7M File Processing (CWE-78) | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-69214 | OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint) (CWE-89) | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-69216 | OpenSTAManager has an SQL Injection in Scadenzario Print Template (CWE-89) | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-24416 | OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module (CWE-89) | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-24417 | OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service (CWE-89) | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-24418 | OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module (CWE-89) | 8.1 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-24419 | OpenSTAManager has an SQL Injection in the Prima Nota module (CWE-89) | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2025-69215 | OpenSTAManager has an SQL Injection in the Stampe Module (CWE-89) | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69213 | OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) (CWE-89) | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-65103 | OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter (CWE-89) | 8.8 | High | 2025-11-19 |