CVE-2025-69216

MEDIUM

6.5

Descripcion

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability exists in templates/scadenzario/init.php, where the id_anagrafica parameter is directly concatenated into an SQL query without proper sanitization. The vulnerability enables complete database read access through error-based SQL injection techniques.

Detalles CVE

Puntuacion CVSS v3.16.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado2/6/2026

Ultima modificacion2/9/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

devcode:openstamanager

Debilidades (CWE)

CWE-89

Referencias

https://github.com/devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-m2w6(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.