CVE-2023-35924

8.6 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform SQL injection attacks against GLPI's inventory endpoint. All GLPI installations running versions 10.0.0 through 10.0.7 are affected, and the endpoint requires no authentication by default.

💻 Affected Systems

Products:
  • GLPI
Versions: 10.0.0 through 10.0.7
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: The inventory endpoint is enabled and unauthenticated by default in affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, privilege escalation, and potential remote code execution.

🟠 Likely Case: Unauthorized data access, data manipulation, and potential system compromise.

🟢 If Mitigated: Limited impact if proper network segmentation and authentication controls are in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoint requires no authentication and is accessible remotely by default.
🏢 Internal Only: HIGH - Even internal systems are vulnerable as no authentication is required.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are typically easy to exploit, and this requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.8

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmm

Restart Required: No

Instructions:

1. Back up your GLPI installation and database.
2. Download GLPI 10.0.8 from official sources.
3. Replace the existing files with the new version.
4. Run the update script if needed.
5. Verify functionality.

🔧 Temporary Workarounds

Disable Native Inventory

Platform: all

Disable the vulnerable inventory endpoint to prevent exploitation: edit the GLPI configuration to disable the native inventory functionality.

🧯 If You Can't Patch

  • Implement strict network access controls to restrict access to GLPI inventory endpoint
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check GLPI version in administration panel or via version file.

Check Version:

Check the GLPI admin panel, or view /glpi/inc/define.php for the version constant.

Verify Fix Applied:

Confirm version is 10.0.8 or later and test inventory endpoint functionality.
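The version check above can be scripted against the define file. The following is an added example (not GLPI's own code or part of this advisory); it assumes the constant in /glpi/inc/define.php is named GLPI_VERSION, uses a constructed PHP snippet as input, and classifies the parsed version against the 10.0.0 through 10.0.7 affected range and the 10.0.8 fix. Prerelease strings (a suffix such as "-dev") are flagged for manual review rather than treated as fixed.

```python
import re
import sys

# Constructed snippet resembling the define() lines in inc/define.php (not copied from GLPI).
SAMPLE_DEFINE_PHP = """<?php
// ... other constants ...
define('GLPI_VERSION', '10.0.7');
define('GLPI_SCHEMA_VERSION', '10.0.7');
"""

# Assumed constant name; the advisory itself only says "version constant".
VERSION_RE = re.compile(r"define\(\s*'GLPI_VERSION'\s*,\s*'([^']+)'\s*\)")

AFFECTED_MIN = (10, 0, 0)   # first affected release per the advisory
AFFECTED_MAX = (10, 0, 7)   # last affected release per the advisory
FIXED = (10, 0, 8)          # patch version per the advisory


def extract_version(php_source: str):
    """Return the raw GLPI_VERSION string from define.php source, or None if absent."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None


def parse_version(raw: str):
    """Split '10.0.8-dev' into ((10, 0, 8), 'dev'); pad short versions to three parts."""
    core, _, suffix = raw.partition("-")
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts))), suffix


def assess(php_source: str) -> dict:
    """Classify the version found in php_source relative to the affected range."""
    raw = extract_version(php_source)
    if raw is None:
        return {"version": None, "status": "unknown"}
    parsed, suffix = parse_version(raw)
    if suffix:
        # A prerelease build may or may not contain the fix; do not assume it does.
        status = "prerelease"
    elif AFFECTED_MIN <= parsed <= AFFECTED_MAX:
        status = "vulnerable"
    elif parsed >= FIXED:
        status = "fixed"
    else:
        status = "outside-affected-range"
    return {"version": raw, "parsed": parsed, "status": status}


def assess_file(path: str) -> dict:
    """Read a define.php from disk and assess it."""
    with open(path, encoding="utf-8") as fh:
        return assess(fh.read())


if __name__ == "__main__":
    # Usage: python check_glpi_version.py /path/to/glpi/inc/define.php
    result = assess_file(sys.argv[1]) if len(sys.argv) > 1 else assess(SAMPLE_DEFINE_PHP)
    print(result)
```

Run it against the real define.php path on the host; a "prerelease" result means the build should be checked against the vendor advisory by hand, and an "unknown" result means the constant was not found and the admin panel should be consulted instead.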

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed inventory requests
  • Suspicious patterns in web server access logs

Network Indicators:

  • Unusual traffic to /front/inventory.php endpoint
  • SQL injection patterns in HTTP requests

SIEM Query:

source="web_server" AND (uri="/front/inventory.php" OR uri="/glpi/front/inventory.php") AND (payload CONTAINS "UNION" OR payload CONTAINS "SELECT" OR payload CONTAINS "INSERT")
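The log and network indicators listed above can be checked offline over web server access logs. The following is an added example (not part of this advisory or of GLPI); it parses constructed Apache/nginx combined-format log lines, decodes the request target, and reports inventory endpoint requests whose target carries the SQL keywords or comment tokens named in the SIEM query, plus sources with repeated failed inventory requests. Access logs only record the request line, so this covers query-string payloads; POST bodies sent to the inventory endpoint are only visible in WAF or application-level logs.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not from a real system). The IPs are
# documentation ranges and the SQL tokens are generic indicators, not a working payload.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jul/2023:10:01:02 +0000] "POST /glpi/front/inventory.php HTTP/1.1" 200 512 "-" "GLPI-Agent/1.4"
203.0.113.10 - - [12/Jul/2023:10:01:09 +0000] "POST /glpi/front/inventory.php HTTP/1.1" 200 498 "-" "GLPI-Agent/1.4"
198.51.100.7 - - [12/Jul/2023:10:02:15 +0000] "GET /glpi/front/inventory.php?id=1%27%20UNION%20SELECT%201 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jul/2023:10:02:16 +0000] "GET /glpi/front/inventory.php?id=1 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jul/2023:10:02:17 +0000] "GET /glpi/front/inventory.php?id=2 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.7 - - [12/Jul/2023:10:02:18 +0000] "GET /glpi/front/inventory.php?id=3 HTTP/1.1" 403 0 "-" "python-requests/2.31"
10.0.0.5 - - [12/Jul/2023:10:03:00 +0000] "GET /glpi/front/central.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Matches the endpoint whether or not GLPI sits under a /glpi prefix.
INVENTORY_RE = re.compile(r"/front/inventory\.php(?:$|\?)")
# Keywords from the advisory's SIEM query plus SQL comment tokens; a heuristic, so expect
# occasional false positives on legitimate parameters containing these words.
SQL_RE = re.compile(r"(?i)\b(union|select|insert|update|delete)\b|--|/\*")


def parse_line(line: str):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode percent-encoding so that %20UNION%20SELECT becomes visible to SQL_RE.
    rec["target"] = unquote_plus(rec["target"])
    return rec


def is_inventory_request(rec: dict) -> bool:
    return INVENTORY_RE.search(rec["target"]) is not None


def has_sql_pattern(rec: dict) -> bool:
    return SQL_RE.search(rec["target"]) is not None


def analyze(log_text: str, failure_threshold: int = 3) -> dict:
    """Apply the advisory's indicators: SQL tokens in inventory requests and failure bursts."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    inventory = [r for r in records if is_inventory_request(r)]
    sqli_hits = [r for r in inventory if has_sql_pattern(r)]
    failed_by_ip = Counter(r["ip"] for r in inventory if r["status"] >= 400)
    bursty = {ip: n for ip, n in failed_by_ip.items() if n >= failure_threshold}
    return {
        "inventory_requests": len(inventory),
        "sqli_hits": sqli_hits,
        "failed_by_ip": dict(failed_by_ip),
        "bursty_sources": bursty,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("inventory requests:", result["inventory_requests"])
    for hit in result["sqli_hits"]:
        print("SQL pattern from", hit["ip"], "->", hit["target"])
    print("sources with repeated failures:", result["bursty_sources"])
```

The failure threshold is deliberately low for the sample; on a real deployment, tune it against the normal error rate of the agents that legitimately post to the endpoint, and treat the SQL-token match as a triage signal to be confirmed against application or WAF logs rather than as proof of exploitation.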
