CVE-2025-69214
EUVD-2025-20688506.02.2026, 19:16
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| devcode | openstamanager | 𝑥 ≤ 2.9.8 |
𝑥
= Vulnerable software versions