CVE-2025-69214
BaseFortify

Publication date: 2026-02-06

Last updated on: 2026-02-09

Assigner: GitHub, Inc.

Description
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the options[matricola] parameter.
Meta Information
Published: 2026-02-06
Last Modified: 2026-02-09
Generated: 2026-06-16
AI Q&A: 2026-02-06
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: devcode
Product: openstamanager
Version / Range: to 2.9.8 (inc)
CWE ID: CWE-89
Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Executive Summary

CVE-2025-69214 is a high-severity SQL Injection vulnerability in OpenSTAManager (version 2.9.8 and earlier), specifically in the ajax_select.php endpoint when handling the "componenti" operation.

The vulnerability occurs because the parameter options[matricola], which comes from an authenticated user's GET request, is directly inserted into an SQL IN() clause without proper sanitization or validation.

This allows an authenticated attacker with low privileges to inject malicious SQL code, potentially exploiting the database through time-based blind SQL injection techniques. [1]

Impact Analysis

The impacts of this vulnerability are severe and include:

  • Confidentiality: An attacker can extract sensitive database information.
  • Integrity: An attacker can modify database records without authorization.
  • Availability: An attacker can disrupt service by crafting malicious queries.

Additionally, exploitation can lead to authentication bypass, allowing unauthorized access to sensitive component and equipment data.

Detection Guidance

This SQL Injection vulnerability can be detected by testing the ajax_select.php endpoint with the componenti operation, specifically targeting the options[matricola] parameter.

A common method is to use time-based blind SQL injection payloads that induce delays, such as using SLEEP(5) in the parameter to confirm injection capability.

Automated tools like SQLMap can be used to detect and confirm the vulnerability by targeting the vulnerable parameter with crafted payloads.

  • Example SQLMap command: sqlmap -u "http://target/ajax_select.php?operation=componenti&options[matricola]=1" --cookie="auth=your_auth_cookie" --technique=T --dbms=MySQL
  • Manual test by injecting a payload that causes delay, e.g., setting options[matricola]=1) OR SLEEP(5)-- to observe response time increase. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately sanitize and validate the input received in the options[matricola] parameter before using it in SQL queries.

Specifically, cast each value to an integer to prevent injection, by splitting the input string by commas, applying intval() to each element, and then safely reconstructing the SQL IN clause.

The recommended code fix is:

    $impianti = $superselect['matricola'];
    if (!empty($impianti)) {
        $ids = array_map('intval', explode(',', $impianti));
        $where[] = '`my_componenti`.`id_impianto` IN (' . implode(',', $ids) . ')';
    }

Additionally, restrict access to authenticated users only and monitor for suspicious activity targeting this endpoint. [1]
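One way to monitor this endpoint, as an added example that is not part of the original advisory or of OpenSTAManager: flag any logged componenti request whose options[matricola] value is not the comma-separated integer list the fix enforces. The Apache/nginx "combined" log format is an assumption, the sample lines are constructed, and the operation parameter name is taken from the example URL on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: "combined" access log; only client IP and request line are used.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Same rule the fix enforces: integers separated by commas (spaces tolerated).
INT_LIST_RE = re.compile(r'\s*\d+\s*(?:,\s*\d+\s*)*')
OP_PARAM = "operation"          # as in this page's example URL; adjust if needed
TARGET_PARAM = "options[matricola]"

def suspicious_matricola(request_target):
    """Return the decoded parameter value if it is not an integer list, else None."""
    url = urlsplit(request_target)
    if not url.path.endswith("/ajax_select.php"):
        return None
    # parse_qs percent-decodes names and values, so options%5Bmatricola%5D matches.
    params = parse_qs(url.query)
    if "componenti" not in params.get(OP_PARAM, []):
        return None
    for value in params.get(TARGET_PARAM, []):
        if not INT_LIST_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every request worth reviewing."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        value = suspicious_matricola(m.group(2))
        if value is not None:
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2026:10:00:01 +0000] "GET /ajax_select.php?operation=componenti&options[matricola]=1,2,3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [06/Feb/2026:10:00:05 +0000] "GET /ajax_select.php?operation=componenti&options%5Bmatricola%5D=1%29%20OR%20SLEEP%285%29-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Feb/2026:10:00:09 +0000] "GET /ajax_select.php?operation=clienti&options[matricola]=abc HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"review: {ip} sent options[matricola]={value!r}")
```

Hits are candidates for review rather than proof of exploitation, and requests that carry the parameter in a POST body do not appear in an access log at all.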
