CVE-2025-69213

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

Description

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. At time of publication, no known patch exists.

INFO

Published Date :

2026-02-04T17:42:28.181Z

Last Modified :

2026-02-04T19:32:47.018Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-69213 vulnerability.

Vendors	Products
Devcode	Openstamanager

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69213.

URL	Resource
https://github.com/devcode-it/openstamanager/security/advisories/GHSA-w995-ff8h-rppg

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact