devcode-it/openstamanager Security Advisories for v2.4.43 (3)
-
[HIGH] OpenSTAManager has an SQL Injection in the Stampe Module
PKSA-z7vr-c7n6-k2xn CVE-2025-69215 GHSA-qx9p-w3vj-q24q
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
PKSA-8235-xswg-bmnf CVE-2025-69213 GHSA-w995-ff8h-rppg
Affected version: <=2.9.8
Reported by:
GitHub -
[HIGH] OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
PKSA-xh8m-q572-khyv CVE-2025-65103 GHSA-2jm2-2p35-rp3j
Affected version: <=2.9.4
Reported by:
GitHub