CVE-2026-35470 - Vulnerability Analysis

Overview

OpenSTAManager < 2.10.2 contains an SQL injection caused by unsanitized 'righe' parameter in confronta_righe.php files, letting authenticated attackers extract sensitive database information, exploit requires authentication.

Severity & Score

Impact

Authenticated attackers can extract sensitive database information including user credentials and invoice data.

Mitigation

Update to version 2.10.2 or later.

References

• https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2
• https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 7, 2026

🟠 CVE-2026-35470 - High (8.8) OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35470/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner