CVE-2026-38751

Description

OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)

References

• https://github.com/devcode-it/openstamanager
• https://github.com/fuutianyii/poc