devcode-it/openstamanager v2.4.44 | Vulner… | Sonatype Guide
openstamanager v2.4.44
devcode-it
Published: Apr 22, 2023
composer Registry
Developer Trust Score: N/A
Versions: 90
Vulnerabilities: 12
Dependencies: 0
CVE-2026-27012 (CVSS Score: 9.8)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators.
affected
Severity: Critical
Published: Mar 4, 2026