CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template

February 6, 2026

An authenticated SQL Injection vulnerability in OpenSTAManager’s Scadenzario (Payment Schedule) print template allows any authenticated user to extract sensitive data from the database, including admin credentials, customer information, and financial records. The vulnerability enables complete database read access through error-based SQL injection techniques.

References

github.com/advisories/GHSA-q6g3-fv43-m2w6
github.com/devcode-it/openstamanager
github.com/devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-m2w6
nvd.nist.gov/vuln/detail/CVE-2025-69216

Code Behaviors & Features

Detect and mitigate CVE-2025-69216 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →