📦 Openstamanager
by Devcode
🛡️ Security Overview
⚠️ Known Vulnerabilities
OpenSTAManager versions 2.9.8 and earlier contain an authentication bypass and privilege escalation vulnerability that allows attackers to arbitrarily change user group memberships. This enables promo...
OpenSTAManager versions 2.9.8 and earlier contain a critical OS command injection vulnerability in the P7M file decoding functionality. Authenticated attackers can upload specially crafted ZIP files c...
OpenSTAManager versions 2.9.8 and earlier contain an SQL injection vulnerability in the ajax_select.php endpoint. Authenticated attackers can execute arbitrary SQL commands through the options[matrico...
OpenSTAManager versions 2.9.8 and earlier contain a SQL injection vulnerability in the ajax_complete.php endpoint. Authenticated attackers can execute arbitrary SQL commands through the idanagrafica p...
OpenSTAManager versions 2.9.8 and earlier contain a SQL injection vulnerability in the Stampe Module that allows attackers to execute arbitrary SQL commands. This affects all users running vulnerable ...
OpenSTAManager v2.9.8 and earlier contain a critical SQL injection vulnerability in the Payment Schedule module's bulk operations handler. Attackers can inject malicious SQL commands through the id_re...
OpenSTAManager v2.9.8 and earlier contain a critical SQL injection vulnerability in the article pricing completion handler. Attackers can exploit this to extract sensitive database information through...
OpenSTAManager v2.9.8 and earlier contain a critical time-based blind SQL injection vulnerability in the global search functionality. Attackers can inject malicious SQL commands through the term param...
OpenSTAManager versions 2.9.8 and earlier contain an authenticated SQL injection vulnerability in the Payment Schedule print template. Any authenticated user can exploit this to extract sensitive data...
OpenSTAManager v2.9.8 and earlier contain a critical SQL injection vulnerability in the Journal Entry module. Attackers can inject arbitrary SQL commands through the id_documenti parameter to extract ...