CVE-2025-69213
HIGH 8.8
Description
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/4/2026
Last modified: 2/18/2026
Source: nvd
Honeypot sightings: 0
Affected products
devcode:openstamanager
Weaknesses (CWE)
CWE-89
References
https://github.com/devcode-it/openstamanager/security/advisories/GHSA-w995-ff8h-rppg (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.