Количество 2
Количество 2
CVE-2026-24417
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before using it in SQL LIKE clauses across multiple module-specific search handlers, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference.
GHSA-4hc4-8599-xh2h
OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24417 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before using it in SQL LIKE clauses across multiple module-specific search handlers, allowing attackers to inject arbitrary SQL commands and extract sensitive data through time-based Boolean inference. | 0% Низкий | 2 дня назад | |
| GHSA-4hc4-8599-xh2h OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service | 0% Низкий | 2 дня назад |
Уязвимостей на страницу