Openstamanager
Monthly
Arbitrary SQL execution in OpenSTAManager's database conflict resolution module allows authenticated attackers with access to the Aggiornamenti (Updates) feature to execute unrestricted SQL commands. Affecting versions prior to 2.10.2, attackers can submit JSON arrays of SQL statements that execute directly against the MySQL database with foreign key checks disabled, enabling complete database compromise including data exfiltration, modification, deletion, and schema manipulation. No public exploit identified at time of analysis, though EPSS data not available; authentication requirement (PR:L) and low attack complexity (AC:L) indicate straightforward exploitation for internal threats or compromised accounts.
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
Reflected cross-site scripting in OpenSTAManager v2.9.8 and earlier allows unauthenticated attackers to inject malicious scripts through unsanitized GET parameters in invoice/order/contract modification interfaces. Public exploit code exists for this vulnerability, affecting all users of the software. An attacker can steal session tokens, perform unauthorized actions, or compromise user browsers when victims interact with crafted malicious links.
OpenSTAManager versions 2.9.8 and earlier are vulnerable to SQL injection in the Payment Schedule module's bulk operations handler, where inadequate input validation on record IDs allows authenticated attackers to execute arbitrary SQL queries and extract sensitive data via error-based techniques. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid user credentials but can expose confidential information from the application database.
OpenSTAManager v2.9.8 and earlier allow authenticated attackers to conduct time-based SQL injection attacks through the global search functionality, enabling extraction of sensitive data from the underlying database. The vulnerability stems from insufficient input validation on the search term parameter used in SQL LIKE clauses across multiple search handlers. Public exploit code exists for this vulnerability, and no patch is currently available.
OpenSTAManager v2.9.8 and earlier allows authenticated remote attackers to extract sensitive data through time-based SQL injection in the article pricing handler due to insufficient input sanitization of the idarticolo parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can infer database contents through carefully timed SQL queries without requiring user interaction.
OpenSTAManager is an open source management software for technical assistance and invoicing. [CVSS 6.5 MEDIUM]
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. [CVSS 8.8 HIGH]
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. [CVSS 8.8 HIGH]
SQL injection in OpenSTAManager v2.9.8 and earlier allows authenticated attackers to extract sensitive data through the Prima Nota module's unvalidated id_documenti parameter. Public exploit code exists for this vulnerability, which bypasses input validation on comma-separated values used in SQL IN() clauses to leak information via XPATH error-based techniques. The vulnerability affects PHP-based deployments and currently has no available patch.
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. [CVSS 8.8 HIGH]
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. [CVSS 8.8 HIGH]
Arbitrary SQL execution in OpenSTAManager's database conflict resolution module allows authenticated attackers with access to the Aggiornamenti (Updates) feature to execute unrestricted SQL commands. Affecting versions prior to 2.10.2, attackers can submit JSON arrays of SQL statements that execute directly against the MySQL database with foreign key checks disabled, enabling complete database compromise including data exfiltration, modification, deletion, and schema manipulation. No public exploit identified at time of analysis, though EPSS data not available; authentication requirement (PR:L) and low attack complexity (AC:L) indicate straightforward exploitation for internal threats or compromised accounts.
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
Reflected cross-site scripting in OpenSTAManager v2.9.8 and earlier allows unauthenticated attackers to inject malicious scripts through unsanitized GET parameters in invoice/order/contract modification interfaces. Public exploit code exists for this vulnerability, affecting all users of the software. An attacker can steal session tokens, perform unauthorized actions, or compromise user browsers when victims interact with crafted malicious links.
OpenSTAManager versions 2.9.8 and earlier are vulnerable to SQL injection in the Payment Schedule module's bulk operations handler, where inadequate input validation on record IDs allows authenticated attackers to execute arbitrary SQL queries and extract sensitive data via error-based techniques. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid user credentials but can expose confidential information from the application database.
OpenSTAManager v2.9.8 and earlier allow authenticated attackers to conduct time-based SQL injection attacks through the global search functionality, enabling extraction of sensitive data from the underlying database. The vulnerability stems from insufficient input validation on the search term parameter used in SQL LIKE clauses across multiple search handlers. Public exploit code exists for this vulnerability, and no patch is currently available.
OpenSTAManager v2.9.8 and earlier allows authenticated remote attackers to extract sensitive data through time-based SQL injection in the article pricing handler due to insufficient input sanitization of the idarticolo parameter. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can infer database contents through carefully timed SQL queries without requiring user interaction.
OpenSTAManager is an open source management software for technical assistance and invoicing. [CVSS 6.5 MEDIUM]
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. [CVSS 8.8 HIGH]
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file decoding functionality. [CVSS 8.8 HIGH]
SQL injection in OpenSTAManager v2.9.8 and earlier allows authenticated attackers to extract sensitive data through the Prima Nota module's unvalidated id_documenti parameter. Public exploit code exists for this vulnerability, which bypasses input validation on comma-separated values used in SQL IN() clauses to leak information via XPATH error-based techniques. The vulnerability affects PHP-based deployments and currently has no available patch.
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. [CVSS 8.8 HIGH]
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. [CVSS 8.8 HIGH]