GITHUBEXPLOIT 9.4 CRITICAL

Exploit for OS Command Injection in Devcode Openstamanager_46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9

9.4 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

Description

CVE-2025-69212 — OpenSTAManager P7M Command Injection PoC
OpenSTAManager = 2.9.8 — OS Command Injection via malicious .p7m filename in ZIP upload.
File: src/Util/XML.php:100 — unsanitized $file in exec
Vector: /plugins/importFEZIP/actions.php → ZIP →...

Basic Information

ID 46CC1A3B-E288-5D6F-BB8A-C0B2ECAF3AD9
Published Jun 27, 2026 at 23:54
Modified Jun 28, 2026 at 00:07
