devcode-it/openstamanager Security Advisories (10)
-
[HIGH] OpenSTAManager has a SQL Injection in the Prima Nota module
PKSA-6h6r-npfh-qb3m CVE-2026-24419 GHSA-4j2x-jh4m-fqv6
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module
PKSA-ff9m-7w2n-x2fw CVE-2026-24418 GHSA-4xwv-49c8-fvhq
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
PKSA-h29d-v9rg-p75n CVE-2026-24417 GHSA-4hc4-8599-xh2h
Affected version: <2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module
PKSA-9s5k-763f-q4yd CVE-2026-24416 GHSA-p864-fqgv-92q4
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a SQL Injection in Scadenzario Print Template
PKSA-vrdb-wqb7-67h2 CVE-2025-69216 GHSA-q6g3-fv43-m2w6
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)
PKSA-wvq9-cxvz-jy62 CVE-2025-69214 GHSA-qjv8-63xq-gq8m
Affected version: <=2.9.8
Reported by: GitHub
-
[CRITICAL] OpenSTAManager has an OS Command Injection in P7M File Processing
PKSA-myj2-kgh7-vymm CVE-2025-69212 GHSA-25fp-8w8p-mx36
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has an SQL Injection in the Stampe Module
PKSA-z7vr-c7n6-k2xn CVE-2025-69215 GHSA-qx9p-w3vj-q24q
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
PKSA-8235-xswg-bmnf CVE-2025-69213 GHSA-w995-ff8h-rppg
Affected version: <=2.9.8
Reported by: GitHub
-
[HIGH] OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
PKSA-xh8m-q572-khyv CVE-2025-65103 GHSA-2jm2-2p35-rp3j
Affected version: <=2.9.4
Reported by: GitHub