CVE-2025-69213
- Source
- https://cve.org/CVERecord?id=CVE-2025-69213
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69213.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-69213
- Aliases
- Published
- 2026-02-04T17:42:28.181Z
- Modified
- 2026-03-10T14:47:18.928481Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)
- Details
-
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajaxcomplete.php endpoint when handling the getsedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69213.json" }- References
Affected packages
Git / github.com/devcode-it/openstamanager
Affected versions
v2.*
v2.3
v2.3-beta.1
v2.3-beta.2
v2.3.1
v2.4
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.15
v2.4.16
v2.4.17
v2.4.18
v2.4.19
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.28
v2.4.29
v2.4.3
v2.4.30
v2.4.31
v2.4.32
v2.4.33
v2.4.34
v2.4.35
v2.4.36
v2.4.37
v2.4.38
v2.4.39
v2.4.4
v2.4.40
v2.4.41
v2.4.42
v2.4.43
v2.4.44
v2.4.45
v2.4.46
v2.4.47
v2.4.48
v2.4.49
v2.4.5
v2.4.50
v2.4.51
v2.4.52
v2.4.53
v2.4.54
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5
v2.5.1-beta
v2.5.2-beta
v2.5.3
v2.5.4
v2.5.5
v2.6.1
v2.6.2
v2.9
v2.9-beta
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8