CVE-2026-38751
published 2026-05-04CVE-2026-38751: OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality…
PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.37%
29.0th percentile
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devcode-it | openstamanager | 0 – 2.10-beta | — |
| devcode | openstamanager | <= 2.10 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rm34-fg4m-39mw: OpenSTAManager version 2
ghsa_unreviewed·2026-05-04
CVE-2026-38751 [HIGH] CWE-434 GHSA-rm34-fg4m-39mw: OpenSTAManager version 2
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)
VulDB
DevCode OpenSTAManager up to 2.10 Module Update upload_modules.php unrestricted upload
vuldb·2026-05-04
CVE-2026-38751 [CRITICAL] DevCode OpenSTAManager up to 2.10 Module Update upload_modules.php unrestricted upload
A vulnerability categorized as critical has been discovered in DevCode OpenSTAManager up to 2.10. This vulnerability affects unknown code of the file modules/aggiornamenti/upload_modules.php of the component Module Update. Executing a manipulation can lead to unrestricted upload.
This vulnerability is tracked as CVE-2026-38751. The attack can be launched remotely. No exploit exists.
GHSA
OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
ghsa·2026-05-04
CVE-2026-38751 [HIGH] CWE-434 OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
OpenSTAManager contains an arbitrary file upload vulnerability in its module update functionality
OpenSTAManager versions 2.10 and earlier contain an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-04
Published