cbcvebase.
CVE-2024-37148
published 2024-07-10

Priority: P2 · 64 · high · CVSS 3.1 base score 8.1
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 20.39% (97.2th percentile)
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16.

Affected (2 ranges)

Vendor       | Product | Version range        | Fixed in
glpi-project | glpi    | (not specified)      | (not specified)
glpi-project | glpi    | >= 0.84, < 10.0.16   | 10.0.16

Detection & IOCs (extracted from sources)

path: /ajax/savedsearch.php
path: /front/display.options.php
  • M1: the POST body to /ajax/savedsearch.php carries an 'ids[]=' parameter (rule content match ids|5b 5d 3d|) whose value contains SQL injection characters: single or double quotes, semicolons, dashes, backslashes, asterisks or slashes, raw or URL-encoded.
  • M2: a request to /front/display.options.php carries a 'sub_itemtype=' parameter (rule content match sub_itemtype|3d|) whose value contains the same set of characters, raw or URL-encoded.
  • Both rules match only on an established connection with the request flowing to the server. That is a flow-state condition, not proof of a logged-in user; it is merely consistent with the vulnerability needing an authenticated session before the injection can be reached.
  • The rules are tagged with MITRE ATT&CK T1190 (Exploit Public-Facing Application) under tactic TA0001 (Initial Access). Note the mismatch with the CVE itself: an authenticated user is required, so in practice the injection yields takeover of another user's account rather than an initial foothold.
  • Both Snort/Suricata rules carry 'tls_state TLSDecrypt' and 'deployment SSLDecrypt' metadata, so they fire only on decrypted traffic; without TLS inspection in front of GLPI these signatures will never match.
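The two matching conditions above (M1 and M2), re-implemented as a small detector over decrypted HTTP requests. This is an added example, not code from the source page, from GLPI, or from the Snort/Suricata rule set; the parameter names and paths come from the rule descriptions, while the log format, the sample requests and every function name are this example's own constructions.

```python
"""Added worked example, not code from the source page or from GLPI.

Re-implements, on already-decrypted HTTP requests, the two conditions the
CVE-2024-37148 Snort/Suricata rules are described with:
  M1  POST body to /ajax/savedsearch.php carrying an 'ids[]' parameter
  M2  request to /front/display.options.php carrying 'sub_itemtype'
where the value contains SQL metacharacters (single/double quote, ';', '-',
'\\', '*', '/') raw or URL-encoded. Log format, sample traffic and function
names are this example's own assumptions.
"""
from urllib.parse import parse_qs, unquote, urlsplit

SQLI_CHARS = frozenset("'\";-\\*/")

# endpoint -> (parameter name, which part of the request the rule inspects)
MONITORED = {
    "/ajax/savedsearch.php": ("ids[]", "body"),                        # M1
    "/front/display.options.php": ("sub_itemtype", "query_or_body"),  # M2
}


def has_sqli_chars(value: str) -> bool:
    """True if the value (decoded once more, to catch double encoding such
    as %2527) contains any of the flagged metacharacters."""
    return any(c in SQLI_CHARS for c in unquote(value))


def match_rule(method: str, target: str, body: str = ""):
    """Return 'M1', 'M2' or None for one request."""
    url = urlsplit(target)
    if url.path not in MONITORED:
        return None
    param, scope = MONITORED[url.path]
    if scope == "body":
        if method != "POST":
            return None
        sources = [body]
    else:
        sources = [url.query, body]
    for src in sources:
        # parse_qs percent-decodes keys, so ids%5B%5D= and ids[]= both map
        # to 'ids[]'; keep_blank_values keeps an empty 'ids[]=' visible.
        for value in parse_qs(src, keep_blank_values=True).get(param, []):
            if has_sqli_chars(value):
                return "M1" if url.path.startswith("/ajax/") else "M2"
    return None


# Constructed sample traffic (not real captures): "METHOD TARGET [BODY]"
SAMPLE_LOG = [
    "POST /ajax/savedsearch.php ids%5B%5D=1'+OR+1%3D1--+-",
    "POST /ajax/savedsearch.php ids[]=7&ids[]=8",
    "GET /front/display.options.php?sub_itemtype=Computer'%20UNION%20SELECT%201--",
    "GET /front/display.options.php?sub_itemtype=Computer",
    "GET /ajax/savedsearch.php?ids[]=1'",
    "POST /front/login.php login=admin'--",
]


def scan(lines):
    """Return [(line_number, rule)] for every request line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split(" ", 2)
        method, target = parts[0], parts[1]
        body = parts[2] if len(parts) == 3 else ""
        rule = match_rule(method, target, body)
        if rule:
            hits.append((n, rule))
    return hits


if __name__ == "__main__":
    for n, rule in scan(SAMPLE_LOG):
        print(f"line {n}: {rule} -> {SAMPLE_LOG[n - 1]}")
```

Two points the example makes explicit that the rule summaries do not: the signatures as described anchor on the literal bytes `ids[]=` / `sub_itemtype=`, so a client that percent-encodes the brackets (`ids%5B%5D=`) would not hit that content match, which is why the detector normalises parameter names before comparing; and because a lone dash or slash is in the character set, legitimate values containing either will also fire, so treat hits as triage candidates rather than confirmed exploitation.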

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | 3.1     | 8.1   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
osv    |         | 8.1   | HIGH     |