CVE-2026-27012

OpenSTAManager · OpenSTAManager

An authentication bypass in OpenSTAManager allows an attacker to modify the group assignment of arbitrary user accounts without a valid session, leading to full administrative privilege escalation.

Executive summary

A critical privilege escalation vulnerability in OpenSTAManager allows an attacker to reach a user-management script without authenticating and use it to place any account, including one they control, in the administrator group.

Vulnerability

A flaw in modules/utenti/actions.php lets requests reach its group-update handling without a valid session (authentication bypass). By calling the script directly and supplying a chosen 'idgruppo' (group ID) value for a target user, an attacker can assign that user to the administrator group, granting themselves administrative rights, or move existing administrators out of it.

Business impact

With a CVSS score of 9.8, the business impact is severe. An attacker can gain full access to invoicing, technical assistance records, and sensitive customer data. By demoting existing administrators, an attacker can also lock legitimate users out of the system, causing significant operational downtime.

Remediation

Immediate Action: Update OpenSTAManager to a version newer than 2.9.8. If the update cannot be applied immediately, restrict access to the modules/utenti/ directory at the web server; because that directory also serves legitimate user management, limit it to the addresses of administrators rather than blocking it outright.

Proactive Monitoring: Audit the 'utenti' (users) table in the database for unauthorized changes to group assignments, comparing it with a known-good backup where one exists, and review web server logs for direct requests to modules/utenti/actions.php. Access logs do not record POST bodies, so treat every request to this script from an unexpected client or without a preceding page load as suspicious, not only those with 'idgruppo' visible in the URL.
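The following added example (not code from OpenSTAManager or from this advisory) shows one way to run both checks from the Proactive Monitoring item: it scans combined-format access log lines for requests to modules/utenti/actions.php, noting whether an 'idgruppo' value is visible in the query string and whether the request arrived without a Referer, and it diffs two snapshots of the utenti table's user-to-group mapping to list every group change. The log format, the column names (id, idgruppo), the administrator group ID of 1 and the sample log lines are all assumptions constructed for the example.

```python
"""Added example, not part of OpenSTAManager or of this advisory.

Two checks for the Proactive Monitoring step:
  1. scan_access_log(): flag requests to modules/utenti/actions.php in
     combined-format access logs (Apache/nginx default).
  2. diff_groups(): compare two snapshots of the utenti table's
     user -> idgruppo mapping and report group changes.

Assumptions (not stated by the advisory): combined log format, utenti
columns named id and idgruppo, administrator group id 1.
"""
import re
from urllib.parse import parse_qs, urlsplit

ACTIONS_SCRIPT = "/modules/utenti/actions.php"
ADMIN_GROUP_ID = 1  # assumed id of the administrator group

# Apache/nginx "combined" format; the request line is split into
# method, target (path + query) and protocol.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample traffic for the example (not real log data).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:09:14:02 +0000] "POST /modules/utenti/actions.php?idgruppo=1 HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.2 - - [10/Mar/2026:09:14:10 +0000] "GET /modules/utenti/index.php HTTP/1.1" 200 9821 "https://erp.example.test/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:09:15:33 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 220 "-" "python-requests/2.31"
192.0.2.9 - - [10/Mar/2026:09:20:01 +0000] "GET /index.php HTTP/1.1" 200 4411 "-" "Mozilla/5.0"
"""


def scan_access_log(log_text, script=ACTIONS_SCRIPT):
    """Return one record per request that targets the vulnerable script.

    POST bodies are not written to access logs, so a hit without idgruppo
    in the query string is still worth investigating; the field only
    tells you what was visible in the URL. 'direct' is a heuristic:
    the Referer header is client-controlled, so treat it as a hint.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guessing
        parts = urlsplit(m["target"])
        if not parts.path.endswith(script):
            continue
        query = parse_qs(parts.query)
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            "idgruppo": query.get("idgruppo", [None])[0],
            "direct": m["referer"] in ("", "-"),
            "ua": m["ua"],
        })
    return hits


def diff_groups(before, after, admin_group=ADMIN_GROUP_ID):
    """Compare two {user_id: idgruppo} snapshots of the utenti table.

    Each snapshot would come from something like
        SELECT id, idgruppo FROM utenti;   -- column names assumed
    taken from a known-good backup and from the live database.
    Returns (user_id, old_group, new_group, kind) for every change.
    """
    changes = []
    for uid in sorted(set(before) | set(after)):
        old, new = before.get(uid), after.get(uid)
        if old == new:
            continue
        if new == admin_group:
            kind = "promoted_to_admin"
        elif old == admin_group:
            kind = "demoted_from_admin"
        else:
            kind = "group_changed"
        changes.append((uid, old, new, kind))
    return changes


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("actions.php hit:", hit)
    # Constructed snapshots: user 1 lost admin, user 3 gained it.
    known_good = {1: 1, 2: 2, 3: 2}
    current = {1: 2, 2: 2, 3: 1}
    for change in diff_groups(known_good, current):
        print("group change:", change)
```

Both functions return plain Python structures so they can be fed into whatever ticketing or SIEM pipeline is in use; the usual workflow is to run scan_access_log over the retained logs for the exposure window and diff_groups against the most recent backup taken before the first suspicious hit.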

Compensating Controls: Use a Web Application Firewall (WAF) to block direct access to PHP scripts under the modules directory that should only be reached from a logged-in session. A WAF cannot verify the application's session on its own, so rules based on the presence of the session cookie or on the request origin are a partial control and do not replace the update.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Immediate remediation is required to prevent unauthorized access to sensitive business management data. After applying the update, administrators should verify that the group membership of every account, especially members of the administrator group, matches expectations, and reset the credentials of any account found to have been modified.