Count: 2
CVE-2026-27012
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators.
GHSA-247v-7cw6-q57v
OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2026-27012 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators. | CVSS3: 9.8 | 0% Low | 24 days ago |
| GHSA-247v-7cw6-q57v OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php | CVSS3: 9.8 | 0% Low | 24 days ago |