PT-2026-5969 · Unknown · Openstamanager

Published 2026-02-03 · Updated 2026-02-18 · CVE-2025-69215

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and prior
Description: OpenSTAManager is an open source management software for technical assistance and invoicing. A SQL injection vulnerability exists in the Stampe module, specifically in the modules/stampe/actions.php file on line 26. The module parameter from POST data is concatenated directly into an SQL UPDATE query without sanitization, even though the neighbouring predefined parameter is validated with intval(). This allows error-based SQL injection using MySQL functions such as EXTRACTVALUE, UPDATEXML and GTID_SUBSET. The vulnerable endpoint is /modules/stampe/actions.php and the vulnerable parameter is module. Exploitation requires a valid authenticated session with access to the Stampe module, and has been verified to work with users in the "Tecnici" group. The vulnerability can be exploited by sending a POST request to the vulnerable endpoint with the op parameter set to 'update', id_record set to 1, predefined set to a non-zero value, and the module parameter containing the SQL injection payload. The exploit can be used to extract database information, including the database version, name and current user, and potentially administrative credentials.
Recommendations: Versions prior to 2.9.8 should be updated to a newer version that addresses this vulnerability. As a temporary workaround, consider disabling the Stampe module or restricting access to it to minimize the risk of exploitation. Avoid using the module parameter in the affected API endpoint until the issue is resolved.
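The defect described above is the classic "one field cast, the other field spliced raw" pattern. The following PHP is an added illustration written for this advisory, not OpenSTAManager's own code: it reconstructs that pattern in a hypothetical update routine and places a hardened version beside it, where every POST value is validated as an integer and bound through a prepared statement. The table name prints_demo, the column names and the helper function names are assumptions for the demo; the stand-alone run uses SQLite through PDO so it needs no MySQL server.

```php
<?php
// Added example, not code from OpenSTAManager. Table/column names are invented
// for the demo; the shape of the bug (intval() on one field, raw concatenation
// of another) follows the advisory's description.

/**
 * Vulnerable pattern: `predefined` and `id_record` are cast to int, but
 * `module` is spliced straight into the statement text, so the string can
 * change the structure of the query rather than just a value.
 */
function updatePrintVulnerable(PDO $pdo, array $post): int
{
    $idRecord   = intval($post['id_record'] ?? 0);
    $predefined = intval($post['predefined'] ?? 0);
    $module     = $post['module'] ?? '';            // never validated

    $sql = "UPDATE prints_demo SET predefined = " . $predefined
         . ", id_module = " . $module                // <-- injection point
         . " WHERE id = " . $idRecord;
    return $pdo->exec($sql);
}

/**
 * Hardened version: every user-supplied value must validate as an integer
 * (module and id_record as positive ones), and all three are bound as
 * parameters so the SQL text is fixed at compile time.
 */
function updatePrintSafe(PDO $pdo, array $post): int
{
    $positive   = ['options' => ['min_range' => 1]];
    $idRecord   = filter_var($post['id_record'] ?? null, FILTER_VALIDATE_INT, $positive);
    $predefined = filter_var($post['predefined'] ?? null, FILTER_VALIDATE_INT);
    $module     = filter_var($post['module'] ?? null, FILTER_VALIDATE_INT, $positive);

    if ($idRecord === false || $predefined === false || $module === false) {
        throw new InvalidArgumentException('id_record, predefined and module must be integers');
    }

    $stmt = $pdo->prepare(
        'UPDATE prints_demo SET predefined = :predefined, id_module = :module WHERE id = :id'
    );
    $stmt->execute([':predefined' => $predefined, ':module' => $module, ':id' => $idRecord]);
    return $stmt->rowCount();
}

// Stand-alone demo on an in-memory SQLite database (constructed sample data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE prints_demo (id INTEGER PRIMARY KEY, id_module INTEGER, predefined INTEGER)');
$pdo->exec('INSERT INTO prints_demo VALUES (1, 5, 0), (2, 6, 0)');

// A request body that matches the advisory's shape, with a tautology in `module`.
$tainted = ['op' => 'update', 'id_record' => '1', 'predefined' => '1', 'module' => '7 OR 1=1'];

// The concatenating version lets the WHERE clause be rewritten: both rows change.
$rows = updatePrintVulnerable($pdo, $tainted);
echo "vulnerable path updated {$rows} rows (expected 1, got 2: structure was altered)\n";

// The hardened version refuses the same input before any SQL is built.
try {
    updatePrintSafe($pdo, $tainted);
} catch (InvalidArgumentException $e) {
    echo "hardened path rejected input: {$e->getMessage()}\n";
}

// With a well-formed request the hardened path touches exactly one row.
$clean = ['op' => 'update', 'id_record' => '1', 'predefined' => '1', 'module' => '7'];
echo "hardened path updated " . updatePrintSafe($pdo, $clean) . " row\n";
```

The hardened function is also the right place to enforce the module-level authorization check the advisory alludes to (the "Tecnici" group has write access here); binding parameters removes the injection, but it does not decide who may perform the update.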

Exploit · Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-69215, GHSA-QX9P-W3VJ-Q24Q

Affected Products: Openstamanager