OpenSTAManager, SQL Injection, CVE-2024-XXXXX (Critical)

Listen to this Post

The vulnerability exists in the `ajax_complete.php` endpoint within the `get_sedi` operation. User-supplied input from the `idanagrafica` HTTP GET parameter is passed to the `get()` function and then directly concatenated into an SQL query string without sanitization. The vulnerable code in `modules/anagrafiche/ajax/complete.php` builds a query using `$idanagrafica = get(‘idanagrafica’);` and then uses it as WHERE idanagrafica='".$idanagrafica."'. This allows an authenticated attacker to escape the single quotes and inject arbitrary SQL commands. The malicious query is then executed via the `$dbo->fetchArray($q)` call, giving the attacker direct access to the database backend for data exfiltration, manipulation, or potential command execution.
Platform: OpenSTAManager
Version: Latest (2025)
Vulnerability: SQL Injection
Severity: Critical
date: December 2025

Prediction: Patch Q1 2026

What Undercode Say:

sqlmap -u "http://target/ajax_complete.php?op=get_sedi&idanagrafica=1" --cookie="PHPSESSID=valid" --dbms=MySQL --technique=T --dump
GET /ajax_complete.php?op=get_sedi&idanagrafica=1' AND SLEEP(5)-- HTTP/1.1
// Vulnerable Code
$q = "SELECT ... WHERE idanagrafica='".$idanagrafica."'";
// Secure Code
$q = "SELECT ... WHERE idanagrafica=".prepare($idanagrafica)."";

How Exploit:

Time-based blind injection. Inject SLEEP() commands via `idanagrafica` parameter. Use sqlmap for automated exploitation and full database dump, including `zz_users` table.

Protection from this CVE:

Use prepared statements. Implement input validation. Apply least privilege database accounts.

Impact:

Full database compromise. Admin privilege escalation. Data integrity loss. Potential remote code execution.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top