devcode-it/openstamanager Security Advisories for v2.4.43 (17)
-
[HIGH] OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
PKSA-4d6v-4cnw-287h CVE-2026-38751 GHSA-rm34-fg4m-39mw
Affected version: <=2.10-beta
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
PKSA-398m-bjsp-p21n CVE-2026-35470 GHSA-mmm5-3g4x-qw39
Affected version: <=2.10.1
Reported by:
GitHub -
[HIGH] OpenSTAManager: SQL Injection via Aggiornamenti Module
PKSA-dx7q-hp3f-cn12 CVE-2026-35168 GHSA-2fr7-cc4f-wh98
Affected version: <=2.10.1
Reported by:
GitHub -
[HIGH] OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
PKSA-7wd8-5d3q-gt4k CVE-2026-29782 GHSA-whv5-4q2f-q68g
Affected version: <=2.10.1
Reported by:
GitHub -
[HIGH] OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
PKSA-84pv-3jy7-8y8y CVE-2026-28805 GHSA-3gw8-3mg3-jmpc
Affected version: <=2.10.1
Reported by:
GitHub -
[CRITICAL] OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
PKSA-gkxr-gfn8-3tk2 CVE-2026-27012 GHSA-247v-7cw6-q57v
Affected version: <=2.9.8
Reported by:
GitHub -
[MEDIUM] OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
PKSA-xj58-vqx8-fbpq CVE-2026-24415 GHSA-jfgp-g7x7-j25j
Affected version: <2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection in the Prima Nota module
PKSA-6h6r-npfh-qb3m CVE-2026-24419 GHSA-4j2x-jh4m-fqv6
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module
PKSA-ff9m-7w2n-x2fw CVE-2026-24418 GHSA-4xwv-49c8-fvhq
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
PKSA-h29d-v9rg-p75n CVE-2026-24417 GHSA-4hc4-8599-xh2h
Affected version: <2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
PKSA-9s5k-763f-q4yd CVE-2026-24416 GHSA-p864-fqgv-92q4
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection in Scadenzario Print Template
PKSA-vrdb-wqb7-67h2 CVE-2025-69216 GHSA-q6g3-fv43-m2w6
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)
PKSA-wvq9-cxvz-jy62 CVE-2025-69214 GHSA-qjv8-63xq-gq8m
Affected version: <=2.9.8
Reported by:
GitHub -
[CRITICAL] OpenSTAManager has an OS Command Injection in P7M File Processing
PKSA-myj2-kgh7-vymm CVE-2025-69212 GHSA-25fp-8w8p-mx36
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has an SQL Injection in the Stampe Module
PKSA-z7vr-c7n6-k2xn CVE-2025-69215 GHSA-qx9p-w3vj-q24q
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
PKSA-8235-xswg-bmnf CVE-2025-69213 GHSA-w995-ff8h-rppg
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
PKSA-xh8m-q572-khyv CVE-2025-65103 GHSA-2jm2-2p35-rp3j
Affected version: <=2.9.4
Reported by:
GitHub