Vulnerability Description
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability exists in templates/scadenzario/init.php, where the id_anagrafica parameter is directly concatenated into an SQL query without proper sanitization. The vulnerability enables complete database read access through error-based SQL injection techniques.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Devcode | Openstamanager | <= 2.9.8 |
Related Weaknesses (CWE)
References
- https://github.com/devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-ExploitVendor Advisory
FAQ
What is CVE-2025-69216?
CVE-2025-69216 is a vulnerability with a CVSS score of 6.5 (MEDIUM). OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment...
How severe is CVE-2025-69216?
CVE-2025-69216 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-69216?
Check the references section above for vendor advisories and patch information. Affected products include: Devcode Openstamanager.