Can you explain this vulnerability to me?

CVE-2026-24419 is a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module of OpenSTAManager version 2.9.8 and earlier.

The vulnerability exists because the application fails to validate that the comma-separated values from the id_documenti GET parameter are integers before using them in SQL IN() clauses.

This allows an attacker to inject arbitrary SQL commands by crafting malicious input, which then triggers XML error messages leaking sensitive database information such as user credentials, customer personally identifiable information (PII), and financial records.

The attack requires an authenticated user with access to the Prima Nota module but no additional privileges or user interaction, and the attack complexity is low.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized extraction of sensitive data from the database.

• Attackers can obtain database user credentials.
• Customer personally identifiable information (PII) can be leaked.
• Financial records stored in the database can be exposed.

Because the attack requires only low privileges and no user interaction, it poses a high risk to confidentiality, integrity, and availability of the affected system.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring for unusual or crafted GET requests targeting the Prima Nota module's add.php file, specifically those including the id_documenti parameter with suspicious SQL injection payloads."}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze HTTP requests to the endpoint /modules/primanota/add.php and look for id_documenti parameters containing non-integer or SQL syntax characters.'}, {'type': 'paragraph', 'content': 'Example command using curl to test for the vulnerability by sending a crafted request that triggers an error-based SQL injection:'}, {'type': 'list_item', 'content': 'curl -i -b cookies.txt "http://target/modules/primanota/add.php?id_documenti=1) AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT CONCAT(USER(),\' | \',VERSION()))))%23"'}, {'type': 'paragraph', 'content': 'If the response contains XML error messages revealing database user and version information, it indicates the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'Additionally, network intrusion detection systems (NIDS) can be configured to alert on SQL injection patterns in HTTP GET parameters targeting this specific endpoint.'}] [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include validating and sanitizing the id_documenti GET parameter to ensure all values are integers before using them in SQL queries.'}, {'type': 'paragraph', 'content': 'Specifically, the application code should be updated to convert all elements of the id_documenti parameter to integers and filter out any invalid or malicious input.'}, {'type': 'list_item', 'content': "Use code similar to the following to sanitize input: $id_documenti = $id_documenti ?: get('id_documenti'); $id_documenti = $id_documenti ? explode(',', (string)$id_documenti) : []; $id_documenti = array_map('intval', $id_documenti); $id_documenti = array_filter($id_documenti, fn($id) => $id > 0);"}, {'type': 'paragraph', 'content': 'Restrict access to the Prima Nota module to trusted authenticated users only, as the vulnerability requires authentication.'}, {'type': 'paragraph', 'content': 'Monitor logs for suspicious activity and consider temporarily disabling or restricting the vulnerable module until a patch or fix is applied.'}] [1]

Useful 0 Not Useful 0