CVE-2025-69216
BaseFortify
Publication date: 2026-02-06
Last updated on: 2026-02-09
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devcode | openstamanager | up to and including 2.9.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69216 is an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print template, affecting versions up to 2.9.8.

The vulnerability exists because the id_anagrafica parameter is concatenated directly into an SQL query without sanitization or prepared statements, allowing an attacker to alter the SQL command.

Any authenticated user, regardless of privilege level, can exploit the flaw to perform error-based SQL injection and extract sensitive data from the database. [1]
How can this vulnerability impact me?
This vulnerability allows an authenticated user with low privileges to gain complete read access to the database.
- Extraction of sensitive data such as admin credentials, including usernames, emails, and partial bcrypt password hashes.
- Access to customer information and financial records stored in the database.
The impact includes a high risk to confidentiality and integrity of the system and its data, potentially leading to unauthorized data disclosure and further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by testing the vulnerable endpoint for SQL injection through the id_anagrafica parameter in the URL /pdfgen.php?ptype=scadenzario&id_anagrafica=[INJECTION_PAYLOAD].

Proof-of-concept exploitation consists of triggering SQL syntax errors with malformed input and then extracting database information with error-based SQL injection techniques.

Automated tools such as sqlmap can confirm the vulnerability; the confirmed injection types are boolean-based blind, error-based and time-based blind SQL injection.

- Use sqlmap with a command similar to: sqlmap -u "http://target/pdfgen.php?ptype=scadenzario&id_anagrafica=1" --cookie="[valid_auth_cookie]" --dbs
- Test manually by injecting malformed input into the id_anagrafica parameter to trigger SQL errors, e.g. id_anagrafica=1' or id_anagrafica=1" [1]
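On the monitoring side, the following added example (written for this page; it is not code from OpenSTAManager or from BaseFortify) scans web-server access logs in the common "combined" format for requests to the vulnerable endpoint whose id_anagrafica value is not a plain decimal integer, or that carry sqlmap's default User-Agent. The log lines, client addresses and timestamps are constructed; only the path /pdfgen.php and the parameters ptype=scadenzario and id_anagrafica come from the advisory.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Feb/2026:10:01:02 +0000] "GET /pdfgen.php?ptype=scadenzario&id_anagrafica=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [06/Feb/2026:10:01:09 +0000] "GET /pdfgen.php?ptype=scadenzario&id_anagrafica=12%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
10.0.0.7 - - [06/Feb/2026:10:01:15 +0000] "GET /pdfgen.php?ptype=scadenzario&id_anagrafica=12%20AND%20EXTRACTVALUE(1,CONCAT(0x7e,version())) HTTP/1.1" 500 0 "-" "Mozilla/5.0"
10.0.0.9 - - [06/Feb/2026:10:02:00 +0000] "GET /pdfgen.php?ptype=fattura&id_record=3 HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
10.0.0.7 - - [06/Feb/2026:10:02:30 +0000] "GET /pdfgen.php?ptype=scadenzario&id_anagrafica=12 HTTP/1.1" 200 5120 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
"""

# One "combined" log line: ip, ident, user, [timestamp], "request", status, size, "referer", "user-agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

VULN_PATH = "/pdfgen.php"          # endpoint named in the advisory
VULN_PTYPE = "scadenzario"         # print template named in the advisory
INJECTABLE_PARAM = "id_anagrafica"  # injectable parameter named in the advisory


def analyze_request(target, user_agent):
    """Return the reasons a request looks like probing of the Scadenzario endpoint ([] if benign).

    The only legitimate shape of id_anagrafica is a plain decimal integer, so
    anything else (quotes, spaces, SQL keywords, an empty value) is flagged.
    parse_qs already percent-decodes, so encoded payloads such as 12%27 are caught.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("ptype", [""])[0] != VULN_PTYPE:
        return []
    reasons = []
    for value in params.get(INJECTABLE_PARAM, []):
        if not re.fullmatch(r"[0-9]+", value):
            reasons.append(f"non-numeric {INJECTABLE_PARAM}: {value!r}")
    if "sqlmap" in user_agent.lower():
        reasons.append("sqlmap user-agent")
    return reasons


def scan_log(text):
    """Parse combined-format log lines and return one hit dict per suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these separately
        reasons = analyze_request(m["target"], m["ua"])
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                         "target": m["target"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], "; ".join(hit["reasons"]))
```

The integer allow-list is the useful signal here: it needs no payload signatures, so it also catches boolean-based and time-based blind probes that never produce a database error, while the HTTP 500 on the error-based attempts is a secondary indicator worth correlating. Point the scanner at the real access log of the OpenSTAManager host and tune the log regex if the server uses a different format.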
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint (/pdfgen.php?ptype=scadenzario) to trusted users, bearing in mind that any authenticated account can trigger the flaw, so a web-server or reverse-proxy rule limited to administrative users is more effective than the application's own access control; and monitoring that endpoint for requests whose id_anagrafica value is not a plain integer.
Since no patch is listed as available, avoid using the affected versions (2.9.8 and earlier) or disable the Scadenzario print template functionality if possible, and check the vendor's releases for a fixed version before relying on workarounds alone.
Implement input validation and sanitization on the id_anagrafica parameter and other user inputs to prevent SQL injection.
Use prepared statements with parameterized queries instead of directly concatenating user input into SQL queries.
Ensure that only authenticated users with the minimum necessary privileges can access the application.
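To make the two remediation points concrete, the following added example (written for this page; it is not OpenSTAManager's code, and the table and column names are constructed rather than the project's schema) reproduces the vulnerable pattern the advisory describes, a request value concatenated into the WHERE clause, beside the hardened version that validates id_anagrafica as a decimal integer and binds it as a query parameter. It uses an in-memory SQLite database so it runs offline; the payloads are illustrative of the injection classes the page names and are not taken from the advisory.

```python
import re
import sqlite3


def build_db():
    """In-memory database with a constructed schema (not OpenSTAManager's real tables)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE anagrafiche (id INTEGER PRIMARY KEY, ragione_sociale TEXT);
        CREATE TABLE scadenze (id INTEGER PRIMARY KEY, id_anagrafica INTEGER, importo REAL);
        CREATE TABLE utenti (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO anagrafiche VALUES (1, 'Rossi Srl'), (2, 'Bianchi Spa');
        INSERT INTO scadenze VALUES (1, 1, 100.0), (2, 1, 250.5), (3, 2, 999.0);
        INSERT INTO utenti VALUES (1, 'admin', '$2y$10$constructed-bcrypt-hash');
    """)
    return conn


def scadenze_vulnerable(conn, id_anagrafica):
    """The CWE-89 pattern the advisory describes: the raw request value is spliced into the SQL."""
    sql = ("SELECT id, id_anagrafica, importo FROM scadenze "
           "WHERE id_anagrafica = " + id_anagrafica)
    return conn.execute(sql).fetchall()


def scadenze_safe(conn, id_anagrafica):
    """Hardened form: reject anything that is not a decimal integer, then bind it as a parameter.

    The placeholder keeps the value out of the SQL grammar entirely; the allow-list
    check additionally turns bad input into a clean application error instead of a
    database error message that an error-based attacker could read.
    """
    if not isinstance(id_anagrafica, str) or not re.fullmatch(r"[0-9]+", id_anagrafica):
        raise ValueError("id_anagrafica must be a decimal integer")
    sql = "SELECT id, id_anagrafica, importo FROM scadenze WHERE id_anagrafica = ?"
    return conn.execute(sql, (int(id_anagrafica),)).fetchall()


def probe(conn, query_fn, raw_value):
    """Run query_fn with an attacker-controlled value; report ('rows', rows) or ('error', name)."""
    try:
        return ("rows", query_fn(conn, raw_value))
    except (sqlite3.Error, ValueError) as exc:
        return ("error", type(exc).__name__)


# Illustrative payloads for the injection classes named on the page (constructed).
PAYLOADS = {
    "legit":        "1",
    "syntax error": "1'",                                                   # error-based: quote breaks the query
    "boolean":      "1 OR 1=1",                                             # boolean-based: condition always true
    "union":        "0 UNION SELECT id, username, password FROM utenti",    # exfiltrates credentials
}


if __name__ == "__main__":
    conn = build_db()
    for name, payload in PAYLOADS.items():
        print(f"{name:13} vulnerable={probe(conn, scadenze_vulnerable, payload)}")
        print(f"{'':13} safe      ={probe(conn, scadenze_safe, payload)}")
```

Against the vulnerable function the quote payload surfaces a database error (the error-based signal), the boolean payload returns every customer's rows, and the UNION payload returns the admin row from the user table, which is the credential-disclosure outcome described above. The hardened function returns identical rows for the legitimate value and rejects every payload before it reaches the database; the same two steps apply to the PHP code, using PDO or mysqli prepared statements for the binding.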