VYPR
High severityNVD Advisory· Published Feb 6, 2026· Updated Feb 9, 2026

OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

CVE-2025-69214

Description

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
devcode-it/openstamanagerPackagist
<= 2.9.8

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.