CVE-2026-29782 | Follow the latest news from the technology world and security-related developments.

High CVSS: 7.2

CVE-2026-29782

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the oauth2.php file in OpenSTAManager is an unauthenticated endpoint ($skip_permissions = true). It loads a record from the zz_oauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize() on the access_token field without any class restriction. This issue has been patched in version 2.10.2.
Vendor: -
Product: -
CWE: CWE-502
Published: 2026-04-02 14:16:27
Updated: 2026-04-03 16:10:52
Source Identifier: security-advisories@github.com
KEV Date Added: -
