OpenSTAManager SQL Injection Vulnerability in Stampe Module

Vulnerability

A SQL injection vulnerability has been identified in the Stampe module of OpenSTAManager, open-source management software for technical assistance and invoicing. The vulnerability affects versions through 2.9.8. The root cause is that the 'module' parameter of a POST request is concatenated directly into an SQL UPDATE statement without sanitization or parameter binding, so user-supplied input is interpreted as SQL. Exploitation requires an authenticated user with access to the Stampe module.

Impact

Exploitation of this vulnerability allows for error-based SQL injection, where an attacker can manipulate SQL queries and potentially extract sensitive database information. The vulnerability could be exploited to access and disclose data from the database, including user credentials and other sensitive information.

Reproduction

To reproduce this vulnerability, send a POST request to '/modules/stampe/actions.php' with the 'op' parameter set to 'update', 'predefined' set to a non-zero value, and 'module' containing the injection payload. This vulnerability requires a valid authenticated session and can be exploited by users with 'Tecnici' group access.
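The pattern the advisory describes, shown as an added illustration rather than OpenSTAManager's own code: a request value concatenated into an UPDATE next to the hardened form that validates the type and binds parameters. OpenSTAManager is a PHP/MySQL project; this stand-alone Python/sqlite3 version, with an assumed table `prints` and assumed column names, only demonstrates the defect and the fix.

```python
import sqlite3

# Constructed in-memory schema standing in for a print-template table.
# Table and column names are assumptions, not the project's real schema.
SCHEMA = """
CREATE TABLE prints (id INTEGER PRIMARY KEY, module INTEGER, predefined INTEGER);
INSERT INTO prints VALUES (1, 10, 0), (2, 11, 0), (3, 12, 0);
"""


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def predefined_ids(conn):
    """Rows currently flagged as predefined, used to observe the effect."""
    return [r[0] for r in conn.execute("SELECT id FROM prints WHERE predefined = 1 ORDER BY id")]


def update_vulnerable(conn, print_id, module):
    """Mirrors the flaw: the request's 'module' value is glued into the SQL,
    so anything other than a plain number changes the statement's logic."""
    sql = ("UPDATE prints SET predefined = 1 WHERE id = " + str(int(print_id))
           + " AND module = " + module)
    conn.execute(sql)
    conn.commit()
    return predefined_ids(conn)


def is_valid_module(value):
    """'module' is an identifier, so an allow-list check is a plain digit test."""
    return isinstance(value, str) and value.isdigit()


def update_safe(conn, print_id, module):
    """Hardened form: reject anything that is not an identifier at the trust
    boundary, then bind values so the driver never parses them as SQL."""
    if not is_valid_module(module):
        raise ValueError("module must be a numeric identifier")
    conn.execute("UPDATE prints SET predefined = 1 WHERE id = ? AND module = ?",
                 (int(print_id), int(module)))
    conn.commit()
    return predefined_ids(conn)
```

With a plain identifier both functions flag only the intended row; with a value such as `10 OR 1=1` the concatenated query flags every row, while the hardened version refuses the input before any SQL runs.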

Added: Feb 4, 2026, 6:57 PM
Updated: Feb 4, 2026, 6:57 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 3.1
exploitability: 4.6
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.