CVE-2024-27756

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.13

Description The issue is related to CSV injection, where an attacker can create an asset with a crafted title, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. This could enable the attacker to obtain sensitive information.

Recommendations For GLPI versions prior to 10.0.13, update to version 10.0.13 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create assets with crafted titles until a patch is available. Avoid using crafted titles in asset creation to minimize the risk of exploitation.