pkg:Packagist/devcode-it/openstamanager

17 total CVEs (CRITICAL: 1, HIGH: 7)

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-27012: OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
    from 0, <= 2.9.8
  • HIGH 8.8 CVE-2026-35470: OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
    from 0, < 2.10.2
  • HIGH 8.8 CVE-2026-35168: OpenSTAManager: SQL Injection via Aggiornamenti Module
    from 0, < 2.10.2
  • HIGH 8.8 CVE-2026-28805: OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
    from 0, < 2.10.2
  • HIGH 8.8 CVE-2025-69214: OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)
    from 0, <= 2.9.8
  • HIGH 8.8 CVE-2025-65103: OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
    from 0, < 2.9.5
  • HIGH 7.2 CVE-2026-38751: OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
    from 0, <= 2.10-beta
  • HIGH 7.2 CVE-2026-29782: OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
    from 0, < 2.10.2
  • CVE-2026-24415: OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
    from 0, < 2.9.8
  • CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module
    from 0, <= 2.9.8
  • CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module
    from 0, <= 2.9.8
  • CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
    from 0
  • CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
    from 0, <= 2.9.8
  • CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template
    from 0, <= 2.9.8
  • CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing
    from 0, <= 2.9.8
  • CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module
    from 0, <= 2.9.8
  • CVE-2025-69213: OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
    from 0, <= 2.9.8