CRITICAL 9.8 CVE-2026-27012 OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
from 0, <= 2.9.8
HIGH 8.8 CVE-2026-35470 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
from 0, < 2.10.2
HIGH 8.8 CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module
from 0, < 2.10.2
HIGH 8.8 OpenSTAManager has a Time-Based Blind SQL Injection via `options[stato]` Parameter
from 0, < 2.10.2
HIGH 8.8 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)
from 0, <= 2.9.8
HIGH 8.8 OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
from 0, < 2.9.5
HIGH 7.2 OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
from 0, <= 2.10-beta
HIGH 7.2 OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
from 0, < 2.10.2
— OpenSTAManager Affected by XSS in modifica_iva.php via righe parameter
from 0, < 2.9.8
— OpenSTAManager has a SQL Injection in the Prima Nota module
from 0, <= 2.9.8
— OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module
from 0, <= 2.9.8
— OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
from 0
— OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
from 0, <= 2.9.8
— OpenSTAManager has a SQL Injection in Scadenzario Print Template
from 0, <= 2.9.8
— OpenSTAManager has an OS Command Injection in P7M File Processing
from 0, <= 2.9.8
— OpenSTAManager has an SQL Injection in the Stampe Module
from 0, <= 2.9.8
— OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
from 0, <= 2.9.8