CVE-2024-40638

8.1 HIGH

📋 TL;DR

This SQL injection vulnerability in GLPI allows authenticated users to execute arbitrary SQL queries. An attacker could modify other user accounts to gain unauthorized access. All GLPI instances with vulnerable versions are affected.

💻 Affected Systems

Products:
  • GLPI
Versions: before 10.0.17
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; all GLPI deployments with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the GLPI instance, data exfiltration, privilege escalation to administrator, and potential lateral movement to connected systems.

🟠 Likely Case

Unauthorized access to other user accounts, data manipulation, and privilege escalation within the GLPI application.

🟢 If Mitigated

Limited impact if strong authentication controls, network segmentation, and database permissions restrict SQL execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized; the need for an authenticated account raises the bar somewhat, but once logged in, exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.17

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx

Restart Required: No

Instructions:

1. Back up your GLPI database and files.
2. Download GLPI 10.0.17 from the official repository.
3. Follow the GLPI upgrade documentation to apply the update.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict User Permissions

Applies to: all

Limit authenticated users to minimal necessary permissions to reduce attack surface.

Network Segmentation

Applies to: all

Isolate the GLPI server from sensitive networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Monitor for suspicious SQL queries in database logs

🔍 How to Verify

Check if Vulnerable:

Check the GLPI version in the administration interface or with the 'php glpi/console.php version' command.

Check Version:

php glpi/console.php version

Verify Fix Applied:

Confirm version is 10.0.17 or higher using the same version check method.
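The version check above is easy to get wrong if versions are compared as strings ("10.0.9" sorts after "10.0.17" lexically). The following is an added example, not part of this advisory or of the GLPI project: it takes the version string reported by the administration interface or by the version command and compares it numerically against the fixed release. The parsing rules (dotted numeric components, an optional '-suffix' treated as a pre-release that precedes the final release) are this example's assumptions.

```python
"""Compare a reported GLPI version string against the fixed release.

Added example; not from the advisory or the GLPI project. The input is the
version string the administration interface or version command reports; the
parsing rules below are assumptions made for this example.
"""
import re

FIXED_VERSION = "10.0.17"  # first fixed release named in the advisory


def parse_version(text):
    """'10.0.16' -> (10, 0, 16, 1); '10.0.17-dev' -> (10, 0, 17, 0).

    The trailing element ranks a final release (1) above any suffixed build
    (0), so a pre-release such as 10.0.17-dev is ordered before 10.0.17.
    Missing components are padded with zeros so '10.0' reads as 10.0.0.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.]+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    numbers += (0,) * (3 - len(numbers))
    return numbers + (0 if m.group(2) else 1,)


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the reported version precedes the fixed release."""
    return parse_version(version_text) < parse_version(fixed)


if __name__ == "__main__":
    for reported in ("9.5.13", "10.0.9", "10.0.16", "10.0.17-dev", "10.0.17", "10.0.18"):
        state = "VULNERABLE" if is_vulnerable(reported) else "fixed"
        print(f"{reported:12s} {state}")
```

Feed it the string you actually see on the instance; a "-dev" or similarly suffixed build of 10.0.17 is treated as still vulnerable because it predates the release.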

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by account modifications

Network Indicators:

  • SQL injection patterns in HTTP requests to GLPI endpoints

SIEM Query:

source="glpi_access.log" AND (url="*sql*" OR (method="POST" AND uri="*/ajax/*"))
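The SIEM query above is a coarse heuristic: the "*sql*" match catches little on its own, and POST to /ajax/ is normal GLPI traffic, so both need a follow-up look at the request itself. As an added example (not part of this advisory or of GLPI), the script below parses combined-format web-server log lines, applies the two conditions from the query, and adds a URL-decoded check for common SQL-injection tokens so that percent-encoded payloads are not missed. The log lines are constructed samples, and the regular expressions are this example's own assumptions, not GLPI's log format.

```python
"""Flag GLPI access-log lines matching the detection heuristics on this page.

Added example; not from the advisory or the GLPI project. Parses
Apache/nginx combined-format lines, applies the page's two SIEM conditions
and an extra SQL-injection token check on the URL-decoded path.
"""
import re
from urllib.parse import unquote_plus

# Combined log format: ip ident user [time] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) \S+'
)

# Generic SQL-injection tokens of the kind found in common WAF rule sets.
SQLI_RE = re.compile(
    r"(union\s+select|'\s*or\s+\d+\s*=\s*\d+|--\s|/\*|;\s*(drop|update|insert|delete)\s)",
    re.IGNORECASE,
)


def parse_line(line):
    """Return the named fields of a combined-format line, or None if unparseable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of reasons a parsed entry is suspicious (empty if none)."""
    reasons = []
    path = entry["path"]
    decoded = unquote_plus(path)  # so %27 / %20 encoded tokens are visible
    # Page's condition 1: 'sql' anywhere in the URL
    if "sql" in decoded.lower():
        reasons.append("url-contains-sql")
    # Page's condition 2: POST to an /ajax/ endpoint
    if entry["method"] == "POST" and "/ajax/" in path:
        reasons.append("post-to-ajax")
    # Added check: SQL-injection tokens in the decoded request
    if SQLI_RE.search(decoded):
        reasons.append("sqli-pattern")
    return reasons


def scan(lines):
    """Map (client IP, path) of each suspicious line to the reasons found."""
    hits = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip lines that are not in the expected format
        reasons = classify(entry)
        if reasons:
            hits[(entry["ip"], entry["path"])] = reasons
    return hits


# Constructed sample log lines (not real traffic, not real GLPI endpoints).
SAMPLE_LOG = [
    '10.0.0.5 - alice [10/Jul/2024:09:12:01 +0000] "GET /front/ticket.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - bob [10/Jul/2024:09:13:44 +0000] "POST /ajax/common.tabs.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - carol [10/Jul/2024:09:14:02 +0000] "GET /front/search.php?contains=x%27%20UNION%20SELECT%201--%20 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '10.0.0.12 - dave [10/Jul/2024:09:15:10 +0000] "GET /front/backup.php?dump=sql HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for (ip, path), reasons in scan(SAMPLE_LOG).items():
        print(f"{ip:15s} {', '.join(reasons):35s} {path}")
```

The "post-to-ajax" and "url-contains-sql" reasons reproduce the page's query and will be noisy on a busy instance; the "sqli-pattern" reason is the one worth alerting on, and pairing it with the user field lets you tie a hit back to the authenticated account the vulnerability requires.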
