CVE-2026-24419 - OpenSTAManager has an SQL Injection in the Prima Nota module

CVE ID : CVE-2026-24419 Published : Feb. 6, 2026, 6:15 p.m. | 27 minutes ago Description : OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The application fails to validate that comma-separated values from the id_documenti GET parameter are integers before using them in SQL IN() clauses, allowing attackers to inject arbitrary SQL commands and extract sensitive data through XPATH error messages. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...