Protect Your GLPI Installation from Remote Code Execution Vulnerability

CVE: CVE-2023-42802
CVSS v3.1: 10
Source: CVE-2023-42802

GLPI is an open source asset and IT management software that allows organizations to track hardware and software assets as well as manage service requests. A vulnerability was discovered in versions prior to 10.0.10 that could allow remote code execution on servers running an affected version of GLPI.

The vulnerability stems from a lack of verification when instantiating objects, which could allow an attacker to upload malicious PHP files to directories where the web server has write access. If the web server has the correct PHP modules installed, these files could then be executed by sending crafted requests to the server.

This poses a significant risk as a successful exploit could allow an attacker to run arbitrary code on the server with the permissions of the web server process. They could then install backdoors, download sensitive data like credentials or private keys, or launch other attacks on the internal network.

The good news is that this has been addressed in GLPI 10.0.10. If you are running an earlier version, upgrade immediately; where that is not yet possible, put additional protections in place in the meantime. In particular, remove the web server's write permission on directories such as /ajax and /front, since those are the locations where uploaded files could land.
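As an added illustration (not code from the GLPI project or from this advisory), the following POSIX shell helper reports which of those directories the web server account could write to, judged from classic mode bits, and strips group/other write bits as a first step. The GLPI root path, the account name and the directory list (ajax, front) are assumptions for the example; it assumes GNU coreutils and ignores ACLs and the root account.

```shell
#!/bin/sh
# Added helper, not GLPI project code: report which GLPI web directories the
# web server account could write to, from each directory's mode, owner and group.
# Assumes GNU coreutils (stat -c, id); ignores ACLs and the root account.

# dir_writable_by DIR USER: exit 0 if USER can write DIR by classic mode bits,
# 1 if not, 2 if DIR is not a directory.
dir_writable_by() {
  dir=$1; user=$2
  [ -d "$dir" ] || return 2
  set -- $(stat -c '%a %U %G' "$dir")   # e.g. "2775 www-data www-data"
  perm=$((0$1)); owner=$2; group=$3     # leading 0 parses octal; setgid/sticky sit above bit 8
  if [ "$owner" = "$user" ]; then
    [ $(( (perm >> 7) & 1 )) -eq 1 ]    # owner write bit
  elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
    [ $(( (perm >> 4) & 1 )) -eq 1 ]    # group write bit
  else
    [ $(( (perm >> 1) & 1 )) -eq 1 ]    # other write bit
  fi
}

# glpi_writable_dirs GLPI_ROOT USER: check the directories the advisory names
# (ajax, front); print each writable one and exit 0 only when none is writable.
glpi_writable_dirs() {
  root=$1; user=$2; bad=0
  for d in ajax front; do
    if dir_writable_by "$root/$d" "$user"; then
      echo "WRITABLE by $user: $root/$d"
      bad=1
    fi
  done
  return $bad
}

# lock_dir DIR USER: strip group/other write bits; fail if USER owns DIR,
# because chmod alone does not stop an owner from adding the bit back
# (ownership would have to move to a non-web account as well).
lock_dir() {
  dir=$1; user=$2
  chmod g-w,o-w "$dir" || return 1
  [ "$(stat -c '%U' "$dir")" != "$user" ]
}

# Usage (constructed paths; adjust to your host):
# glpi_writable_dirs /var/www/glpi www-data || echo "tighten permissions before upgrading"
```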

Keeping your software updated is one of the best ways to defend against vulnerabilities. Be sure to apply patches and upgrades for GLPI and other applications as soon as they become available to help prevent exploitation and compromise of your systems.
