CVE-2026-35470
Published 2026-04-06
Priority: P356 · Severity: High · CVSS 3.1 base score: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.42% (33.3rd percentile)
OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devcode-it | openstamanager | < 2.10.2 | 2.10.2 |
| devcode-it | openstamanager | >= 0 < 2.10.2 | 2.10.2 |
| devcode | openstamanager | < 2.10.2 | 2.10.2 |
OSV
osv·2026-04-03
CVE-2026-35470 [HIGH] OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
## Description
Six `confronta_righe.php` files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The affected query (excerpt from the advisory; the `LEFT JOIN` condition is elided there) is:

```php
fetchArray(
    'SELECT
        `mg_articoli_lang`.`title`,
        `mg_articoli`.`codice`,
        `in_righe_interventi`.*
    FROM
        `in_righe_interventi`
        INNER JOIN `mg_articoli` ON `mg_articoli`.`id` = `in_righe_interventi`.`idarticolo`
        LEFT JOIN `mg_articoli_lang` ON (...)
    WHERE
        `in_righe_interventi`.`id` IN ('.$righe.')' // Line 41 — Direct concatenation
);
```
The value of `$_GET['righe']` is inserted directly into the SQL `IN()` clause without using `prepare()`, parameterized statements or any sanitization function.
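As an added illustration that is not code from OpenSTAManager or from the advisory, the handler below shows how the `righe` list can be accepted safely: it validates the value as a comma-separated list of integer IDs and binds each ID through a PDO prepared statement instead of concatenating the string into `IN()`. The `$pdo` connection, the `parseIdList`/`fetchRighe` names and the trimmed-down query (only the tables and join named in the excerpt above) are assumptions for this example; the actual fix shipped in 2.10.2 may differ.

```php
<?php
// Added example, not OpenSTAManager code. Assumes a PDO connection in $pdo.

/**
 * Parse a comma-separated list of integer IDs such as "12,15,20".
 * Returns null if any element is not a plain unsigned integer, so the caller
 * rejects the request instead of letting the raw string reach the SQL text.
 */
function parseIdList(string $raw): ?array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $part = trim($part);
        if (!preg_match('/^[0-9]+$/', $part)) {
            return null; // anything but digits (quotes, parentheses, keywords) is rejected
        }
        $ids[] = (int) $part;
    }
    return array_values(array_unique($ids));
}

/**
 * Hardened counterpart of the concatenated query: one "?" placeholder per ID,
 * each bound as an integer, so the IDs are never part of the SQL string.
 */
function fetchRighe(PDO $pdo, string $raw): array
{
    $ids = parseIdList($raw);
    if ($ids === null || $ids === []) {
        // "IN ()" is a MySQL syntax error, and invalid input is a client error.
        http_response_code(400);
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare(
        'SELECT `mg_articoli`.`codice`, `in_righe_interventi`.*
         FROM `in_righe_interventi`
         INNER JOIN `mg_articoli` ON `mg_articoli`.`id` = `in_righe_interventi`.`idarticolo`
         WHERE `in_righe_interventi`.`id` IN (' . $placeholders . ')'
    );
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT); // positional params are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical call site at the top of confronta_righe.php: validate before querying.
$righe = fetchRighe($pdo, (string) ($_GET['righe'] ?? ''));
```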
## Reproduction
### Prerequisites
- Authenticated session (any user with module access)
- At least one existing record in the t
GHSA
ghsa·2026-04-03
CVE-2026-35470 [HIGH] CWE-89 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals
No detection rules found.
No public exploits indexed.