CNNVD-202602-974 Information

CNNVD ID

CNNVD-202602-974

Related CVE

CVE-2025-69214

• CNNVD Published: 2026-02-06

Description (Chinese)

OpenSTAManager是Devcode开源的一个用于技术援助和计费的开源管理软件。 OpenSTAManager 2.9.8及之前版本存在SQL注入漏洞，该漏洞源于处理componenti操作时ajax_select.php端点存在SQL注入，可能导致已验证的攻击者通过options[matricola]参数注入恶意SQL代码。

Description (English)

OpenSTAManager is an open source management software for technical assistance and costing from Devcode. OpenSTAManager 2.9.8 and previous versions have an injection loophole in SQL, which stems from the presence of SQL injections at the end of ajax select.php at the time of the processing of the coponanti operation, which could lead to the introduction of malicious SQL codes by the proven assailant through options [matricola] parameters.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Devcode

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/devcode-it/openstamanager/security/advisories/GHSA-qjv8-63xq-gq8m