CVE-2024-37148

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.16

Description The issue is related to a SQL injection vulnerability in some AJAX scripts of the GLPI software. This vulnerability can be exploited by an authenticated user to alter another user's account data and take control of it. The vulnerability is caused by the incorrect neutralization of special elements used in SQL commands, allowing a remote attacker to modify user account data and gain control over it.

Recommendations For versions prior to 10.0.16, upgrade to version 10.0.16 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX scripts until the upgrade is applied.