CVE-2026-38751

HIGH

OpenSTAManager <=2.10 - Arbitrary File Upload

Title source: llm

Description

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)

Exploits (1)

github WORKING POC

by fuutianyii · pythonpoc

https://github.com/fuutianyii/poc

View Code ZIP pw:eip

References (2)

Core 2

Core References

https://github.com/fuutianyii/poc

https://github.com/devcode-it/openstamanager

Scores

CVSS v3 7.2

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

devcode-it/openstamanager 0 - 2.10-betaPackagist

Published May 04, 2026

Tracked Since May 05, 2026