
CVE-2023-28849 : Exploit Details and Defense Strategies

Critical CVE-2023-28849 exposes GLPI to SQL injection and Stored XSS. Learn the impact, mitigation steps, and affected versions. Stay protected!

This CVE involves GLPI being vulnerable to SQL injection and Stored XSS via inventory agent request.

Understanding CVE-2023-28849

This vulnerability affects GLPI, a free asset and IT management software package. It allows attackers to execute SQL injection and Stored XSS attacks through the inventory agent request functionality.

What is CVE-2023-28849?

In GLPI versions 10.0.0 through 10.0.6, the inventory endpoint can be manipulated to perform a SQL injection attack. Crafted inventory data can also be stored and later rendered in the web interface, enabling Stored XSS. Notably, the default GLPI inventory endpoint does not require authentication. The issue has been addressed in version 10.0.7, which includes a patch for the vulnerability. As a temporary measure, users can disable the native inventory feature.

The Impact of CVE-2023-28849

This critical vulnerability poses a high risk to the confidentiality and integrity of affected systems. With a CVSS base score of 10, exploitation can have severe consequences if the vulnerability is left unaddressed.

Technical Details of CVE-2023-28849

The vulnerability arises due to improper neutralization of special elements used in an SQL command (CWE-89) and improper neutralization of input during web page generation (CWE-79).
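The two weaknesses named above (CWE-89 and CWE-79) follow the same pattern: untrusted input reaches a SQL statement or an HTML page without being neutralized. The following is an added illustration, written for this page and not taken from GLPI's code, that contrasts a string-built query with a parameterized one and a raw HTML render with an escaped one. The table, column names, asset records, and the `serial` lookup are constructed for the example; SQLite is used only so the code runs offline.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory asset table standing in for a real inventory store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE computers (id INTEGER PRIMARY KEY, name TEXT, serial TEXT)"
    )
    conn.executemany(
        "INSERT INTO computers (name, serial) VALUES (?, ?)",
        [("laptop-01", "SN-0001"), ("laptop-02", "SN-0002")],
    )
    conn.commit()
    return conn


def find_by_serial_unsafe(conn, serial):
    """CWE-89: the caller-supplied serial is spliced into the SQL text.

    A value containing a quote changes the statement's structure, so the
    WHERE clause no longer means what the author intended.
    """
    sql = f"SELECT name FROM computers WHERE serial = '{serial}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_serial_safe(conn, serial):
    """Hardened form: the value is bound as a parameter and is only ever data."""
    rows = conn.execute(
        "SELECT name FROM computers WHERE serial = ?", (serial,)
    )
    return [row[0] for row in rows]


def register_asset(conn, name, serial):
    """Store an asset record exactly as received (parameterized insert).

    Storing untrusted text is not itself the XSS bug; the bug is rendering it
    later without escaping, which is what the two render functions contrast.
    """
    conn.execute(
        "INSERT INTO computers (name, serial) VALUES (?, ?)", (name, serial)
    )
    conn.commit()


def render_name_unsafe(name):
    """CWE-79: stored text is interpolated into HTML verbatim."""
    return f"<td>{name}</td>"


def render_name_safe(name):
    """Hardened form: HTML metacharacters are escaped on output."""
    return f"<td>{html.escape(name)}</td>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that breaks out of the string literal
    print("unsafe lookup:", find_by_serial_unsafe(db, probe))  # every row
    print("safe lookup:  ", find_by_serial_safe(db, probe))    # no rows
    register_asset(db, "<b>desk-03</b>", "SN-0003")
    print(render_name_unsafe("<b>desk-03</b>"))
    print(render_name_safe("<b>desk-03</b>"))
```

The defensive point is that the fix lives at the two boundaries: bind values as parameters when the statement is built, and escape for the output context when the page is generated. Neither step depends on filtering the input itself, which is why disabling or authenticating the ingestion endpoint is only a workaround rather than the fix.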

Vulnerability Description

The vulnerability allows threat actors to manipulate the inventory agent request functionality to execute SQL injection and Stored XSS attacks, compromising the security of GLPI installations.

Affected Systems and Versions

        Vendor: glpi-project
        Product: GLPI
        Affected Versions: >= 10.0.0, < 10.0.7
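To turn the affected-version range above into something an asset owner can run against an inventory list, here is an added Python helper (not from the advisory or the GLPI project) that parses a version string and checks it against `>= 10.0.0, < 10.0.7`. The host names and version strings in the sample inventory are constructed; the treatment of a pre-release build of 10.0.7 as still affected is a conservative assumption made here, not a statement from the page.

```python
import re

# Range taken from the advisory: affected if >= 10.0.0 and < 10.0.7.
AFFECTED_MIN = (10, 0, 0)
FIXED_IN = (10, 0, 7)

_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?\s*$"
)


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a semver-like string.

    Raises ValueError for strings that are not three dotted integers with an
    optional pre-release or build suffix.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    nums = tuple(int(m.group(i)) for i in (1, 2, 3))
    return nums, m.group(4) is not None


def is_affected(version):
    """True when the version falls inside the advisory's affected range.

    Assumption (conservative, not from the advisory): a pre-release of the
    fixed version, e.g. 10.0.7-rc1, is treated as affected because it may
    predate the patch.
    """
    nums, prerelease = parse_version(version)
    if nums < AFFECTED_MIN:
        return False
    if nums < FIXED_IN:
        return True
    return nums == FIXED_IN and prerelease


def triage(inventory):
    """Return the hosts whose GLPI version is affected, in input order.

    `inventory` is an iterable of (host, version) pairs; unparseable versions
    are reported separately so they are reviewed rather than silently skipped.
    """
    affected, unknown = [], []
    for host, version in inventory:
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unknown.append(host)
    return affected, unknown


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("glpi-prod-1", "10.0.6"),
    ("glpi-prod-2", "10.0.7"),
    ("glpi-legacy", "9.5.13"),
    ("glpi-staging", "10.0.7-rc1"),
    ("glpi-dev", "10.1.0"),
    ("glpi-unknown", "n/a"),
]

if __name__ == "__main__":
    hosts, unparsed = triage(SAMPLE_INVENTORY)
    print("affected:", hosts)
    print("needs manual review:", unparsed)
```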

Exploitation Mechanism

Because the GLPI inventory endpoint does not safely handle the input it receives, an attacker can submit crafted inventory data that is interpreted as SQL by the database and as script by the browsers of users who later view the stored records, leading to data theft and unauthorized access.

Mitigation and Prevention

To safeguard systems from CVE-2023-28849, immediate actions and long-term security practices are recommended.

Immediate Steps to Take

        Update GLPI to version 10.0.7 or later to apply the necessary security patch.
        If updating immediately is not feasible, consider disabling the native inventory feature as a temporary workaround.

Long-Term Security Practices

        Regularly update software and apply patches promptly to mitigate known vulnerabilities.
        Implement strong authentication mechanisms and access controls to prevent unauthorized exploitation of system components.

Patching and Updates

Ensure that GLPI installations are updated to version 10.0.7 or beyond to address the SQL injection and Stored XSS vulnerabilities present in earlier versions. Regularly monitor for security advisories and apply patches promptly to enhance system security.
