PT-2025-47519 · Unknown · Openstamanager

Published: 2025-11-19 · Updated: 2025-11-21 · CVE-2025-65103

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.5
Description: OpenSTAManager is a management software for technical assistance and invoicing. An SQL injection flaw exists in the API that allows authenticated users to execute arbitrary SQL queries, regardless of their permission level. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete data from the database, potentially leading to a full system compromise.
Recommendations: Update to version 2.9.5 or later.

Exploit · Fix · SQL injection

Weakness Enumeration

Related Identifiers
CVE-2025-65103
GHSA-2JM2-2P35-RP3J

Affected Products
Openstamanager