PT-2024-10112 · Glpi+2 · Glpi+2

Tpierru · Published 2024-11-15 · Updated 2025-08-13 · CVE-2024-41679

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

GLPI versions prior to 10.0.17

Description

The issue is a SQL injection vulnerability in the ticket form of GLPI, a free asset and IT management software package. The vulnerability can be exploited by an authenticated user and could allow a remote attacker to perform SQL injection. It is caused by a lack of protection measures for the SQL query structure.

Recommendations

For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to the ticket form until the upgrade is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2025-10163
ALT-PU-2025-1277
BDU:2025-00336
CVE-2024-41679
GHSA-HQ9Q-JFHP-QQGM

Affected Products

Alt Linux
Glpi
Red Os