PT-2026-6768 · Unknown · Openstamanager

Published 2026-02-06 · Updated 2026-02-06 · CVE-2025-69214

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions 2.9.8 and earlier
Description: OpenSTAManager is susceptible to a SQL injection issue in the ajax/select.php endpoint when processing the componenti operation. An authenticated attacker can inject SQL through the options[matricola] parameter. The issue stems from the direct concatenation of the user-supplied options[matricola] value into an SQL query without proper sanitization, which allows for potential data exfiltration, authentication bypass, and data manipulation. The vulnerable code resides in modules/impianti/ajax/select.php, lines 122-124: the $_GET['options']['matricola'] input is assigned to $superselect['matricola'] and subsequently used in the SQL query. Exploitation can be achieved through manual time-based blind SQL injection or automated tools such as SQLMap.
Recommendations: Versions prior to 2.9.8 should cast values to integers before using them in SQL queries. Specifically, use array_map('intval', explode(',', $impianti)) to sanitize the options[matricola] parameter before incorporating it into the SQL query.
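The concatenation pattern the advisory describes beside the recommended integer cast, as an added illustration (not OpenSTAManager's own code from select.php): the function names, the `$impianti` variable and the `my_impianti` table name are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not the project's code. Table and function names are assumed.

// Unsafe pattern: the raw options[matricola] string becomes part of the SQL text,
// so any non-numeric content the client sends is executed as SQL.
function buildUnsafeFilter(string $matricola): string
{
    return "SELECT * FROM my_impianti WHERE id IN (" . $matricola . ")";
}

// Recommended hardening from the advisory: split the comma-separated list and
// force every element to an integer before it reaches the query.
function sanitizeIds(string $impianti): array
{
    return array_map('intval', explode(',', $impianti));
}

function buildSafeFilter(string $matricola): string
{
    // Only integers are interpolated, so no SQL syntax can survive the cast.
    return "SELECT * FROM my_impianti WHERE id IN (" . implode(',', sanitizeIds($matricola)) . ")";
}

// Defence in depth: bind each id as a parameter instead of interpolating anything.
// The placeholder list is built from the sanitized array length, never from input.
function buildPreparedFilter(PDO $pdo, string $matricola): PDOStatement
{
    $ids = sanitizeIds($matricola);
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT * FROM my_impianti WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt;
}

// Constructed inputs: a well-formed list and one carrying trailing SQL.
$good = '12,7,3';
$bad  = '12,7 OR 1=1';

echo buildUnsafeFilter($bad), PHP_EOL; // ... IN (12,7 OR 1=1): the condition is now SQL
echo buildSafeFilter($bad), PHP_EOL;   // ... IN (12,7): intval('7 OR 1=1') keeps only 7
echo buildSafeFilter($good), PHP_EOL;  // ... IN (12,7,3)
```

A quick regression check for the fix is to assert that `buildSafeFilter()` output matches `/IN \((\d+)(,\d+)*\)$/` for every input, including strings with quotes, spaces and keywords.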

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-69214
GHSA-QJV8-63XQ-GQ8M

Affected Products

Openstamanager