9.4
/ 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
Description
CVE-2025-69212 — OpenSTAManager P7M Command Injection PoC OpenSTAManager = 2.9.8 — OS Command Injection via malicious .p7m filename in ZIP upload. File: src/Util/XML.php:100 — unsanitized $file in exec Vector: /plugins/importFEZIP/actions.php → ZIP →...
Basic Information
ID
46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9
Published
Jun 27, 2026 at 23:54
Modified
Jun 28, 2026 at 00:07