CVE-2025-69213
EUVD-2025-206783
04.02.2026, 18:16
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| devcode | openstamanager | 𝑥 ≤ 2.9.8 |
𝑥 = Vulnerable software versions