CVE-2024-40638

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 10.0.17

Description The issue is related to a lack of protection against SQL injection attacks in the GLPI system, which manages IT assets and incidents. An authenticated user can exploit multiple SQL injection vulnerabilities, one of which allows altering another user's account data and taking control of it.

Recommendations For versions prior to 10.0.17, upgrade to version 10.0.17 to resolve the issue. As a temporary workaround, consider restricting access to sensitive user account data until the upgrade is applied.