This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
🚨 **Essence**: GLPI < 10.0.15 has a critical SQL Injection flaw in saved searches. 💥 **Consequences**: Attackers can hijack other users' accounts, altering their data and taking full control of them.…
Q2. What is the root cause?
🛡️ **Root Cause**: **CWE-89 (SQL Injection)**. The saved searches feature fails to properly sanitize inputs, allowing malicious SQL commands to execute. 🐛 A classic input validation failure.
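As an added illustration of the CWE-89 pattern named above (generic Python over an in-memory SQLite table; this is not GLPI's code and not the actual saved-search query): a filter builder that splices a user-controlled field name and value straight into SQL, beside the parameterized, allow-listed form that closes the hole. The table, its rows and the hostile value are all constructed for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the kind of data a saved
# search filters. It is NOT GLPI's schema.
def _make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE glpi_users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO glpi_users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.test"),
        (2, "bob", "bob@example.test"),
        (3, "carol", "carol@example.test"),
    ])
    return conn

# CWE-89 pattern: the saved-search criteria (field name and value, both
# chosen by the user who saves the search) are spliced into the SQL text,
# so the database parses whatever the user typed as part of the query.
def vulnerable_search(conn, field, value):
    sql = f"SELECT name FROM glpi_users WHERE {field} = '{value}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

# Hardened form: a column name cannot be a bind parameter, so it is checked
# against an allow-list; the value travels as a bound parameter and is
# never interpreted as SQL.
ALLOWED_FIELDS = {"id", "name", "email"}

def safe_search(conn, field, value):
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unknown search field: {field!r}")
    sql = f"SELECT name FROM glpi_users WHERE {field} = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (value,))]

def demo():
    """Run both builders on an honest value and on a constructed hostile one."""
    conn = _make_db()
    honest = "bob"
    # Constructed hostile value: closes the string literal and appends a
    # tautology, so the vulnerable query matches every row.
    hostile = "x' OR '1'='1"
    return {
        "vuln_honest": vulnerable_search(conn, "name", honest),
        "vuln_hostile": vulnerable_search(conn, "name", hostile),
        "safe_honest": safe_search(conn, "name", honest),
        "safe_hostile": safe_search(conn, "name", hostile),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable builder returns every row for the hostile value, while the parameterized builder returns nothing because it looks for a user literally named `x' OR '1'='1`. The same allow-list idea applies to any other query fragment (sort column, operator) that a saved search lets the user choose.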
Q3. Who is affected? (Versions/Components)
📦 **Affected**: **GLPI versions prior to 10.0.15**. GLPI is a widely used open-source IT asset management tool, so many dev and admin teams are in scope. 📉 If you’re on an older version, you’re at risk.
Q4. What can hackers do? (Privileges/Data)
🕵️ **Attacker Actions**: With access, hackers can **modify another user’s account data** and **take control** of it. This isn’t just reading data; it’s active manipulation and privilege escalation within the app. 🔓
Q5. Is exploitation threshold high? (Auth/Config)
🔑 **Threshold**: **Medium**. Requires **Authenticated User** status (PR:L). You can’t just blast from the outside; you need valid credentials first. But once in, the attack is easy (AC:L). 🚪
Q6. Is there a public Exp? (PoC/Wild Exploitation)
💻 **Exploit Status**: **Yes, PoC exists**. A Nuclei template is available on GitHub (projectdiscovery). While wild exploitation isn’t confirmed, the code is public and ready for testing. ⚠️
Q7. How to self-check? (Features/Scanning)
🔍 **Self-Check**: Scan for GLPI instances running versions < 10.0.15. Use tools like Nuclei with the specific CVE template. Check if the 'saved searches' feature is active and unpatched. 🧪
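As an added example of the version check above (Python written here, not part of the analysis or of any GLPI tooling): given an inventory of instance hostnames and the GLPI version each reports, split it into vulnerable (< 10.0.15), patched and unparseable entries. How the version strings are collected is left to your asset inventory; the hostnames and versions below are constructed.

```python
import re

# The fixed release named in the advisory; the trailing 1 marks a final
# release so that a pre-release of 10.0.15 sorts below it.
FIXED_RELEASE = (10, 0, 15, 1)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")

def parse_version(text):
    """Turn a GLPI version string such as '10.0.14' into a comparable tuple.
    A pre-release suffix ('10.0.15-dev') makes the version sort below the
    final release of the same number, so it is still flagged as unpatched."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable GLPI version: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    prerelease = "-" in text
    return (major, minor, patch, 0 if prerelease else 1)

def is_vulnerable(version_text):
    """True when the version is older than the fixed release 10.0.15."""
    return parse_version(version_text) < FIXED_RELEASE

def triage(inventory):
    """inventory: iterable of (hostname, version_string).
    Returns three lists of (hostname, version): vulnerable, patched, unknown."""
    vulnerable, patched, unknown = [], [], []
    for host, version in inventory:
        try:
            bucket = vulnerable if is_vulnerable(version) else patched
        except ValueError:
            bucket = unknown
        bucket.append((host, version))
    return vulnerable, patched, unknown

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("glpi-prod.example.test", "10.0.14"),
    ("glpi-staging.example.test", "10.0.15"),
    ("glpi-dev.example.test", "10.0.15-dev"),
    ("glpi-legacy.example.test", "9.5.13"),
    ("glpi-new.example.test", "10.0.16"),
    ("glpi-odd.example.test", "unknown"),
]

if __name__ == "__main__":
    vulnerable, patched, unknown = triage(SAMPLE_INVENTORY)
    print("VULNERABLE:", vulnerable)
    print("PATCHED:   ", patched)
    print("UNKNOWN:   ", unknown)
```

Anything in the unknown bucket needs a manual look rather than being silently treated as safe; that is the usual failure mode of a naive string comparison such as `version < "10.0.15"`, which would also mis-order `9.5.13` against `10.0.14`.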
Q8. Is it fixed officially? (Patch/Mitigation)
✅ **Fix**: **Yes, patched**. Upgrade to **GLPI 10.0.15** or later. The vendor released a fix via GitHub commit 0a6b28be. 🛠️ This is the primary mitigation.
Q9. What if no patch? (Workaround)
🚧 **No Patch?**: Isolate the instance. Restrict access to authenticated users only. Monitor 'saved searches' logs for anomalies. Disable the feature if possible until patched. 🛑
Q10. Is it urgent? (Priority Suggestion)
🔥 **Urgency**: **High**. CVSS score indicates High Confidentiality impact. Account takeover is severe. Patch immediately if you’re on an older version. Don’t wait! ⏳