CVE-2023-41320

8.1 HIGH

📋 TL;DR

This SQL injection in GLPI's handling of a user's interface layout preference lets an authenticated GLPI user run arbitrary SQL against the application database. The vendor advisory states that it can lead to administrator account takeover, and with it to compromise of the whole GLPI instance. Every instance running a vulnerable version is affected, whatever accounts it contains.

💻 Affected Systems

Products:
  • GLPI (Gestionnaire Libre de Parc Informatique)
Versions: before 10.0.10 (fixed in 10.0.10)
Operating Systems: All operating systems running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw sits in core user-preference handling that every installation exposes; no optional feature or plugin needs to be enabled for it to be reachable.

📦 What is this software?

GLPI (Gestionnaire Libre de Parc Informatique) is an open-source IT asset management and service desk web application written in PHP and backed by a MySQL or MariaDB database.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining administrator privileges, accessing sensitive data, and potentially pivoting to other systems.

🟠

Likely Case

Administrator account takeover leading to unauthorized access, data theft, and privilege escalation within GLPI.

🟢

If Mitigated

Limited impact once the fix is applied. Short of patching, the blast radius shrinks if the GLPI database account is restricted to the GLPI schema and every GLPI login belongs to a trusted, strongly authenticated user, because exploitation needs a valid session. Generic input filtering or a WAF is not a dependable control here, since the injection point is an ordinary authenticated form submission.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation needs a valid GLPI login (any user can edit their own preferences) and working knowledge of SQL injection; once the injection point is located it is straightforward for an experienced attacker. The vendor advisory names the affected feature, which narrows that search.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.10

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476

Restart Required: No

Instructions:

1. Back up the GLPI database and the web root (files and configuration).
2. Download GLPI 10.0.10 from the official repository.
3. Follow the GLPI upgrade documentation to update the installation, including the database update step it describes.
4. Verify the upgrade completed: the reported version should be 10.0.10 and the database update should finish without errors.

🧯 If You Can't Patch

  • Implement strict network access controls so that only authorized users can reach GLPI.
  • Since exploitation requires a login, review the user list, disable or remove unused or shared accounts, and enforce strong authentication on the rest.
  • Run GLPI with a least-privilege database account limited to its own schema, so that injected SQL cannot reach other databases or server-level functions.
  • Monitor GLPI's logs and the web server access log for SQL errors, bursts of preference updates from one account or client, and unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Check your GLPI version by logging into the admin interface and navigating to Setup > General > Information. If version is below 10.0.10, you are vulnerable.

Check Version:

On the server, read the GLPI_VERSION constant defined in inc/define.php under the GLPI web root; a value below 10.0.10 means the install is vulnerable. The web interface (Setup > General > Information) reports the same version.
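The filesystem check above, as an added example script (not GLPI's own tooling and not from the advisory). It assumes the standard GLPI layout, where inc/define.php under the web root contains a line of the form define('GLPI_VERSION', '10.0.9'); the fixed version, 10.0.10, is taken from this page. The version comparison is numeric per component, so 10.0.9 sorts before 10.0.10 (a plain string comparison would get that wrong).

```shell
#!/bin/sh
# Added example, not part of GLPI: decide from the filesystem whether a GLPI tree is
# affected by CVE-2023-41320. Assumes the standard layout, where <webroot>/inc/define.php
# contains a line of the form  define('GLPI_VERSION', '10.0.9');

FIXED_VERSION="10.0.10"

# Print the GLPI_VERSION constant found under the given web root (nothing if absent).
glpi_version() {
    sed -n "s/.*define('GLPI_VERSION', *'\([^']*\)').*/\1/p" "$1/inc/define.php" 2>/dev/null | head -n 1
}

# Exit 0 when version $1 sorts before version $2 (10.0.9 < 10.0.10, 9.5.13 < 10.0.10).
# Components are compared numerically; a suffix such as "-dev" is ignored, so treat a
# 10.0.10-dev snapshot as needing manual review rather than as fixed.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # "+ 0" turns "10-dev" into 10, missing parts into 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Print VULNERABLE, FIXED or UNKNOWN for the GLPI install at web root $1.
check_glpi() {
    v="$(glpi_version "$1")"
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE ($v < $FIXED_VERSION)"
    else
        echo "FIXED ($v)"
    fi
}

# Demonstration on a constructed web root (not a real install): a 10.0.9 tree.
demo_root="$(mktemp -d)"
mkdir -p "$demo_root/inc"
printf "<?php\ndefine('GLPI_VERSION', '10.0.9');\n" > "$demo_root/inc/define.php"
check_glpi "$demo_root"      # VULNERABLE (10.0.9 < 10.0.10)
rm -rf "$demo_root"
```

Run it as check_glpi /var/www/glpi (or wherever the web root lives) on each host; UNKNOWN means the file was not found and the install should be inspected by hand rather than assumed fixed.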

Verify Fix Applied:

After upgrading, verify the version shows 10.0.10 or higher in the GLPI admin interface.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax or query errors in GLPI's own SQL error log (sql-errors.log under its log directory, files/_log by default) that reference the user-preference update
  • A low-privilege account updating its preferences repeatedly, followed by an administrator login from an unfamiliar client or a password change on an administrator account
  • Unexpected changes to user permissions, administrator credentials, or layout preferences

Network Indicators:

  • Unusual traffic patterns to GLPI's UI layout preference endpoints
  • SQL error messages in HTTP responses

SIEM Query:

source="glpi_logs" AND (message="*SQL*error*" OR (message="*layout*preferences*" AND status="error"))
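The "unusual traffic to the preference endpoint" indicator above, as an added detection script (not from the page, the advisory, or the GLPI project). It reads an Apache or nginx combined-format access log and flags any client that posts to front/preference.php many times within one minute or receives a 5xx response from it, which is what a blind injection against the preference form looks like from the web server's side. The threshold, the assumption that the preference form posts to <glpi root>/front/preference.php, and the sample log lines are all constructed for the example.

```shell
#!/bin/sh
# Added example, not part of GLPI or this page's own tooling: flag clients that hammer
# GLPI's user-preference endpoint in a web server access log (Apache/nginx combined format).
# Assumptions: the preference form posts to <glpi root>/front/preference.php, and a blind
# SQL injection against it shows up as many POSTs from one client in a short time,
# sometimes with 5xx responses when a payload breaks the query.

# Read combined-format lines on stdin; print one line per (client, minute) bucket that
# holds at least $1 POSTs to front/preference.php or any 5xx response to it.
flag_preference_bursts() {
    awk -v threshold="$1" '
        $6 == "\"POST" && $7 ~ /\/front\/preference\.php/ {
            bucket = $1 SUBSEP substr($4, 2, 17)   # client IP + dd/Mon/yyyy:HH:MM
            posts[bucket]++
            if ($9 >= 500) errors[bucket]++
        }
        END {
            for (b in posts) {
                if (posts[b] >= threshold || errors[b] > 0) {
                    split(b, k, SUBSEP)
                    printf "%s %s posts=%d server_errors=%d\n", k[1], k[2], posts[b], errors[b] + 0
                }
            }
        }' | sort
}

# Constructed sample log (addresses from documentation ranges, not real traffic): one
# client submits the preference form five times in one minute and trips a 500; another
# saves its preferences once, as a normal user would.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [01/Sep/2023:10:15:01 +0000] "GET /glpi/front/preference.php HTTP/1.1" 200 18234 "-" "python-requests/2.31"
203.0.113.7 - - [01/Sep/2023:10:15:02 +0000] "POST /glpi/front/preference.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [01/Sep/2023:10:15:03 +0000] "POST /glpi/front/preference.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [01/Sep/2023:10:15:03 +0000] "POST /glpi/front/preference.php HTTP/1.1" 500 1432 "-" "python-requests/2.31"
203.0.113.7 - - [01/Sep/2023:10:15:04 +0000] "POST /glpi/front/preference.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [01/Sep/2023:10:15:05 +0000] "POST /glpi/front/preference.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
198.51.100.4 - - [01/Sep/2023:10:16:40 +0000] "POST /glpi/front/preference.php HTTP/1.1" 302 0 "https://glpi.example/glpi/front/preference.php" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2023:10:16:41 +0000] "GET /glpi/front/central.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
}

sample_access_log | flag_preference_bursts 5
# 203.0.113.7 01/Sep/2023:10:15 posts=5 server_errors=1
```

On a real server, feed it the access log instead of the sample: flag_preference_bursts 5 < /var/log/apache2/access.log. A legitimate user saves preferences once or twice per session, so even a low threshold is quiet; tune it against a day of your own traffic before alerting on it, and treat any 5xx on this endpoint as worth a look on its own.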

🔗 References

  • GLPI security advisory GHSA-mv2r-gpw3-g476: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
