PT-2026-5968 · Unknown · Openstamanager

Published: 2026-02-03 · Updated: 2026-02-18 · CVE-2025-69213

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.9.8

Description: OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection issue exists in version 2.9.8 and earlier when handling the get_sedi operation through the /ajax_complete.php API endpoint. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, potentially gaining unauthorized access to the database.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
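
With no fixed version listed, reviewing web server logs for abnormal use of the affected operation is one available check. The following is an added example, not code from OpenSTAManager or from this advisory. It assumes combined-format access logs, that the operation is selected with an `op` query parameter, that requests arrive as GET, and that legitimate `idanagrafica` values are plain integers; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Feb/2026:10:01:12 +0000] "GET /ajax_complete.php?op=get_sedi&idanagrafica=42 HTTP/1.1" 200 312
198.51.100.7 - - [03/Feb/2026:10:01:15 +0000] "GET /ajax_complete.php?op=get_sedi&idanagrafica=42%27 HTTP/1.1" 200 9120
198.51.100.9 - - [03/Feb/2026:10:02:40 +0000] "GET /ajax_complete.php?op=get_other&idanagrafica=abc HTTP/1.1" 200 120
198.51.100.9 - - [03/Feb/2026:10:03:02 +0000] "GET /index.php?idanagrafica=x HTTP/1.1" 200 500
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Assumption: a legitimate idanagrafica value is a decimal integer ID.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_requests(log_text):
    """Return (client, timestamp, decoded value) for get_sedi requests
    whose idanagrafica parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        client, when, _method, target, _status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/ajax_complete.php"):
            continue
        # parse_qs percent-decodes values, so encoded input is compared decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        if "get_sedi" not in params.get("op", []):  # "op" name is an assumption
            continue
        for value in params.get("idanagrafica", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, when, value))
    return hits


if __name__ == "__main__":
    for client, when, value in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {client} idanagrafica={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so the same check would have to run at a WAF or reverse proxy to cover them.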

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-69213
GHSA-W995-FF8H-RPPG

Affected Products

Openstamanager