CNNVD-202511-2155 Information
Nov 19, 2025
CNNVD ID
CNNVD-202511-2155
Related CVE
- CNNVD Published: 2025-11-19
Description (Chinese)
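OpenSTAManager is open-source management software from Devcode for technical assistance and invoicing. Versions of OpenSTAManager before 2.9.5 contain a SQL injection vulnerability. The vulnerability stems from a SQL injection in the API and may allow any user to execute arbitrary SQL queries by manipulating the display parameter, leaking, modifying or deleting database data.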
Description (English)
OpenSTAManager is an open source management application for technical assistance and invoicing from Devcode. OpenSTAManager versions before 2.9.5 have a SQL injection vulnerability in the API: any user can run arbitrary SQL queries by manipulating the display parameter, which can result in database data being leaked, modified or deleted.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
Devcode
Published
2025-11-19
Last Modified
2026-02-24
References
https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j
Patch
https://github.com/devcode-it/openstamanager/releases