PT-2026-30286 · Unknown · Openstamanager

Ormzro · Published 2026-04-03 · Updated 2026-04-07 · CVE-2026-35470

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.10.2

Description: OpenSTAManager, prior to version 2.10.2, contains an SQL Injection vulnerability in the confronta_righe.php files across different modules. The righe parameter, received via the $_GET['righe'] request, is directly concatenated into an SQL query without proper sanitization, parameterization, or validation. This allows an authenticated attacker to inject arbitrary SQL statements, potentially extracting sensitive data such as user credentials, customer information, invoice data, and other stored data. The vulnerability exists in six files: modules/fatture/modals/confronta_righe.php, modules/interventi/modals/confronta_righe.php, modules/preventivi/modals/confronta_righe.php, modules/ordini/modals/confronta_righe.php, modules/ddt/modals/confronta_righe.php, and modules/contratti/modals/confronta_righe.php. Exploitation involves crafting malicious HTTP GET requests to the confronta_righe.php endpoint, manipulating the righe parameter to execute SQL queries. Successful exploitation could lead to confidentiality, integrity, and availability compromise of the database.

Recommendations: Apply parameterized statements with prepare() to the righe parameter in all six affected files: modules/fatture/modals/confronta_righe.php, modules/interventi/modals/confronta_righe.php, modules/preventivi/modals/confronta_righe.php, modules/ordini/modals/confronta_righe.php, modules/ddt/modals/confronta_righe.php, and modules/contratti/modals/confronta_righe.php.
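The pattern the advisory describes, and the fix it recommends, side by side as an added PHP example. This is not OpenSTAManager's code: the advisory does not show the actual query in confronta_righe.php, so the example assumes a PDO connection $pdo, a hypothetical table `righe` with an integer `id` column, and that the righe parameter carries a comma-separated list of row ids (a variable-length list is the awkward case for prepare(), since one placeholder cannot bind a whole list).

```php
<?php
// Added example, not OpenSTAManager code. Assumes a PDO connection $pdo and a
// hypothetical table `righe` (columns id, descrizione, prezzo); the real query
// shape in confronta_righe.php is not shown on the advisory page.

// Vulnerable pattern described in the advisory: request input is concatenated
// straight into the SQL string, so whatever $_GET['righe'] contains becomes SQL.
function confrontaRigheUnsafe(PDO $pdo, string $righe): array
{
    $sql = "SELECT id, descrizione, prezzo FROM righe WHERE id IN (" . $righe . ")";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the shape of the input, then bind every value through
// prepare(). Because a single "?" cannot hold a list, one placeholder is
// generated per element of the list.
function confrontaRigheSafe(PDO $pdo, string $righe): array
{
    $ids = array_values(array_filter(array_map('trim', explode(',', $righe)), 'strlen'));
    if ($ids === []) {
        return [];
    }
    foreach ($ids as $id) {
        // Allow-list: a row identifier is a run of decimal digits, nothing else.
        if (!ctype_digit($id)) {
            throw new InvalidArgumentException('righe must be a comma-separated list of integer ids');
        }
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, descrizione, prezzo FROM righe WHERE id IN ($placeholders)");
    foreach ($ids as $i => $id) {
        // Positional parameters are 1-based; bind as integers, never interpolated.
        $stmt->bindValue($i + 1, (int) $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage from a request handler (hypothetical):
// $rows = confrontaRigheSafe($pdo, $_GET['righe'] ?? '');
```

Two points worth checking when applying a fix of this shape: the allow-list validation is what makes the IN-list construction safe, since the placeholder count still depends on the input while the values themselves never touch the SQL text; and if the connection has PDO::ATTR_EMULATE_PREPARES enabled, the driver quotes values client-side rather than sending a server-side prepared statement, so turning emulation off is the conservative setting when the goal is parameterization.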

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2026-35470
GHSA-MMM5-3G4X-QW39

Affected Products

Openstamanager