Platform: php
Component: devcode-it/openstamanager
Fixed version: 2.9.9
CVE-2026-27012 is a critical privilege-escalation vulnerability in OpenSTAManager. The user-management action endpoint, modules/utenti/actions.php, can be reached without authentication, so an attacker can change user group assignments directly. Versions up to and including 2.9.8 are affected; version 2.9.9 fixes the issue and an upgrade is available.
The impact is severe. An unauthenticated attacker sends a request directly to modules/utenti/actions.php that sets a user's idgruppo field, which is the user's group. Promoting an account into the highly privileged 'Amministratori' group gives the attacker full administrative control over the system. Demoting existing administrators disrupts operations and can lock legitimate staff out while the attacker-controlled account keeps persistent access. In effect, the integrity and security of the whole OpenSTAManager installation are compromised.
CVE-2026-27012 was publicly disclosed on 2026-03-03. No public proof-of-concept exploit is known at the time of writing, but no authentication is required and the request is simple to craft, so one is likely to appear. The vulnerability is not listed in the CISA KEV catalog.
Any organization running an unpatched OpenSTAManager instance is at risk, particularly where the 'Amministratori' group is relied on for critical administrative tasks. Environments in which the endpoint is reachable from untrusted networks (limited segmentation, no web application firewall or reverse proxy in front) are the most exposed, because exploitation needs nothing more than a direct HTTP request.
• php: Examine web-server access logs for requests to http://<IP>:8080/modules/utenti/actions.php. The URL alone does not tell you whether the caller held a valid session, so look for requests with no Referer from the application, unfamiliar source addresses or automation user agents, and correlate with the application's own login records.
grep -i "modules/utenti/actions.php" /var/log/apache2/access.log
• php: Search the database for accounts currently in the 'Amministratori' group and compare them with the known administrator list. idgruppo holds the numeric id of the group, not its name, so join to the groups table and match on the name rather than comparing idgruppo to the string 'Amministratori'. Table names below follow the page's example; adapt them to the deployed schema.
SELECT u.username, u.idgruppo, g.nome
FROM users u
JOIN groups g ON g.id = u.idgruppo
WHERE g.nome = 'Amministratori';
• generic web: Monitor for unusual user activity, such as accounts suddenly gaining administrative privileges or performing actions outside their normal role.
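The grep above only lists hits on the endpoint. The script below is an added example, not code from the page or from the OpenSTAManager project, that parses Apache/nginx combined-format access logs and applies one extra heuristic: a request to modules/utenti/actions.php whose Referer is missing or points to a host other than the application is a direct call and worth a closer look (the Referer is attacker-controlled, so this is an indicator, not proof). The sample log lines, the application hostname osm.example.internal and the source addresses are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format:
#   ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The endpoint named in the advisory.
VULN_ENDPOINT = "/modules/utenti/actions.php"


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def is_direct_call(rec, app_host):
    """Flag a request to the endpoint whose Referer is absent or points outside
    the application. Browser-driven calls from the OpenSTAManager UI carry a
    Referer on the application's own host; scripted calls usually do not.
    The Referer is attacker-controlled, so treat a hit as an indicator only."""
    if urlsplit(rec["path"]).path != VULN_ENDPOINT:
        return False
    referer = rec["referer"]
    if referer in ("", "-"):
        return True
    return urlsplit(referer).hostname != app_host


def find_direct_calls(lines, app_host):
    """Return the flagged requests in log order, each as a small dict."""
    keep = ("ip", "time", "method", "path", "status", "referer", "agent")
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_direct_call(rec, app_host):
            hits.append({k: rec[k] for k in keep})
    return hits


def summarise_by_ip(hits):
    """Count flagged calls per source IP, most active first."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample lines (not real traffic). 10.0.0.5 is a legitimate user on
# the UI; 203.0.113.7 and 198.51.100.9 are assumed external callers.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Mar/2026:10:00:01 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 512 '
    '"http://osm.example.internal/controller.php?id_module=12" "Mozilla/5.0"',
    '10.0.0.5 - - [03/Mar/2026:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Mar/2026:10:05:44 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '203.0.113.7 - - [03/Mar/2026:10:05:45 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '198.51.100.9 - - [03/Mar/2026:11:12:03 +0000] "GET /modules/utenti/actions.php HTTP/1.1" 200 87 '
    '"http://attacker.example/poc.html" "curl/8.4.0"',
    'not a log line',
]

if __name__ == "__main__":
    hits = find_direct_calls(SAMPLE_LOG, "osm.example.internal")
    for h in hits:
        print(f'{h["time"]} {h["ip"]} {h["method"]} {h["path"]} {h["status"]} '
              f'referer={h["referer"]} ua={h["agent"]}')
    for ip, n in summarise_by_ip(hits):
        print(f"{ip}: {n} direct call(s)")
```

Run it against a real log with `find_direct_calls(open("/var/log/apache2/access.log"), "your.app.host")`. A 200 on a flagged POST is the case to chase first: pull the database check above for the same time window and see whether any idgruppo value changed. Unparseable lines are skipped rather than raising, so a log with a custom format silently yields nothing; adjust COMBINED_RE if your LogFormat differs.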
Exploit status
EPSS: 0.03% (8th percentile)
CISA SSVC: none listed
CVSS vector: none listed
The fix for CVE-2026-27012 is to upgrade OpenSTAManager to version 2.9.9 or later. Where the upgrade cannot be applied immediately, apply temporary workarounds: restrict access to modules/utenti/actions.php at the web application firewall (WAF) or reverse proxy so that it is reachable only from trusted networks, and block all other requests to the endpoint; review and harden access control lists (ACLs) so that an unauthorised group change is both noticed and limited in effect; and monitor access logs for calls to the endpoint, in particular for attempts to modify user group assignments.
Update OpenSTAManager to a version later than 2.9.8 (2.9.9 or newer). This fixes the privilege-escalation vulnerability that lets unauthenticated attackers change user groups.
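As an added example of the proxy-level workaround described above (not configuration from the page or from the OpenSTAManager project): an Apache 2.4 rule that allows the user-management action endpoint only from an assumed administrative network, 10.0.0.0/8, and returns 403 to every other caller. That Apache is the front end and that 10.0.0.0/8 is the trusted range are both assumptions; translate the rule to whatever WAF or reverse proxy actually sits in front of the instance.

```apache
# Added example, not OpenSTAManager's own configuration.
# Assumes Apache 2.4 serves the application and that 10.0.0.0/8 is the
# administrative network (assumed range). Put this in the VirtualHost that
# serves the application, then reload Apache.
<Location "/modules/utenti/actions.php">
    # Before: no rule here, so any client on the network can call the endpoint.
    # After: only the trusted range may reach it; everyone else gets 403.
    Require ip 10.0.0.0/8
</Location>
```

Two caveats. The endpoint is also what the legitimate user-management screens call, so administrators outside the allowed range will find those screens failing until the rule is lifted; and the rule does nothing against an attacker who is already inside the trusted range. Blocked attempts are still written to the access log with status 403, which keeps them visible to the log checks above. The rule is a stopgap; the upgrade to 2.9.9 remains the fix.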
CVE-2026-27012 is a critical vulnerability in OpenSTAManager versions 2.9.8 and earlier that lets an unauthenticated attacker elevate privileges by manipulating user group assignments through modules/utenti/actions.php.
If you are running OpenSTAManager 2.9.8 or earlier, you are affected. Immediate action is recommended.
Upgrade OpenSTAManager to 2.9.9 or later. If the upgrade cannot be applied immediately, restrict access to the endpoint with WAF or proxy rules and tighten ACLs in the meantime.
No public exploit is known at the time of writing, but the vulnerability is simple enough that exploitation is likely. Monitor your systems closely.
Refer to the OpenSTAManager project website and security advisories for updates and official guidance regarding this vulnerability.