CVE-2022-29250: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi
GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in.
AI Analysis
Technical Summary
CVE-2022-29250 is a medium-severity SQL Injection vulnerability affecting versions of the GLPI (Gestionnaire Libre de Parc Informatique) software prior to 10.0.1. GLPI is an open-source IT asset and service management platform widely used for ITIL service desk functions, license tracking, and software auditing. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89) on search pages, allowing authenticated users to inject arbitrary SQL code. Exploitation requires the attacker to be logged in, which limits exposure to internal or authenticated users rather than anonymous attackers. The flaw enables attackers to add or manipulate extra information in the database via crafted SQL queries, potentially leading to unauthorized data access, data modification, or corruption. Although no known exploits are reported in the wild, the vulnerability poses a risk to the confidentiality, integrity, and availability of the data managed by GLPI instances. Since GLPI is often deployed in enterprise environments to manage critical IT assets and service requests, exploitation could disrupt IT operations or lead to data breaches if leveraged by malicious insiders or compromised accounts. The vulnerability was publicly disclosed on June 9, 2022, and fixed in GLPI version 10.0.1. No official CVSS score is assigned, but the issue is recognized and enriched by CISA, indicating its relevance to cybersecurity stakeholders.
Potential Impact
For European organizations, the impact of CVE-2022-29250 can be significant, especially for those relying on GLPI for IT asset management and service desk operations. Successful exploitation could allow attackers with legitimate user credentials to execute arbitrary SQL commands, leading to unauthorized disclosure of sensitive information such as asset inventories, license details, and service tickets. This could result in data breaches, violation of data protection regulations like GDPR, and operational disruptions. Integrity of IT management data could be compromised, affecting decision-making and incident response. Availability might also be impacted if attackers manipulate or delete critical records, causing service desk outages or delays. Given that GLPI is used by public sector entities, educational institutions, and private enterprises across Europe, the vulnerability could affect a broad range of sectors. The requirement for authentication reduces the risk from external attackers but increases the threat from insider threats or compromised accounts. Organizations with weak access controls or insufficient monitoring are particularly vulnerable. The absence of known exploits in the wild suggests limited active exploitation but does not eliminate the risk of future attacks, especially as threat actors often target IT management platforms to gain footholds or escalate privileges.
Mitigation Recommendations
To mitigate CVE-2022-29250, European organizations should prioritize upgrading GLPI installations to version 10.0.1 or later, where the vulnerability is patched. In environments where immediate upgrade is not feasible, organizations should implement strict access controls to limit GLPI user permissions to the minimum necessary, reducing the risk of exploitation by authenticated users. Monitoring and logging of GLPI user activities should be enhanced to detect anomalous behavior indicative of SQL injection attempts. Employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns on GLPI search pages can provide an additional layer of defense. Regular security audits and code reviews of custom GLPI plugins or integrations should be conducted to ensure they do not introduce similar vulnerabilities. Organizations should also enforce strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of credential compromise. Finally, incident response plans should include scenarios involving GLPI compromise to ensure rapid containment and remediation.
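The recommendation above to monitor GLPI user activity for signs of injection attempts can be implemented as a simple log review. The following is an added example written for this page, not a GLPI feature or an offseq tool: it parses web-server access-log lines in the common combined format, picks out requests to search endpoints, URL-decodes each query parameter and flags values carrying classic SQL metacharacter sequences. The log lines, usernames, the `/front/computer.php` and `/front/ticket.php` paths and the `search` parameter name are constructed for the example and should be replaced with the endpoints and parameters a given deployment actually exposes; the indicator patterns are deliberately narrow to keep false positives down, so treat them as a starting point for a WAF or SIEM rule rather than a complete signature set.

```python
"""Added example (not GLPI or offseq code): flag SQL-injection-like search
parameters in web access logs, per the monitoring recommendation."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx combined log format; the third field is the authenticated user,
# which matters here because the advisory's flaw requires a logged-in session.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Narrow indicators applied to the URL-decoded parameter value.
INDICATORS = {
    "quote_boolean": re.compile(r"'\s*(or|and)\s", re.I),        # ' OR ...
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "sql_comment": re.compile(r"--|/\*"),
    "stacked_dml": re.compile(r";\s*(drop|insert|update|delete|alter)\b", re.I),
}

# Constructed sample lines; paths and the `search` parameter are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - alice [09/Jun/2022:10:01:12 +0200] "GET /front/computer.php?search=laptop HTTP/1.1" 200 5120
10.0.0.7 - bob [09/Jun/2022:10:02:45 +0200] "GET /front/computer.php?search=x%25%27+OR+%27%25%27%3D HTTP/1.1" 200 90211
10.0.0.9 - carol [09/Jun/2022:10:03:01 +0200] "GET /front/ticket.php?search=printer%20jam HTTP/1.1" 200 4411
10.0.0.7 - bob [09/Jun/2022:10:03:30 +0200] "GET /front/ticket.php?search=1%27%29+UNION+SELECT+1%2C2 HTTP/1.1" 500 612
"""


def classify_value(value: str) -> list[str]:
    """Return the names of every indicator that matches a decoded parameter value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def scan_log(text: str, search_paths=("/front/computer.php", "/front/ticket.php")) -> list[dict]:
    """Parse each log line, keep requests to the configured search endpoints and
    report every parameter value that trips at least one indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line; skip rather than fail
        parts = urlsplit(m["target"])
        if parts.path not in search_paths:
            continue
        # parse_qs undoes percent- and plus-encoding, so indicators see the
        # value the application's SQL layer would have received.
        for param, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                indicators = classify_value(value)
                if indicators:
                    hits.append({
                        "user": m["user"],
                        "ip": m["ip"],
                        "time": m["ts"],
                        "path": parts.path,
                        "param": param,
                        "value": value,
                        "status": int(m["status"]),
                        "indicators": indicators,
                    })
    return hits


def users_with_hits(hits: list[dict]) -> dict[str, int]:
    """Count flagged requests per authenticated user, the pivot an analyst
    wants first when the threat model is an insider or a stolen account."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["user"]] = counts.get(h["user"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f"{h['time']} {h['user']}@{h['ip']} {h['path']} {h['param']}={h['value']!r} "
              f"status={h['status']} indicators={h['indicators']}")
    print("per user:", users_with_hits(found))
```

On the constructed log the two requests from `bob` are flagged (one tautology, one `UNION SELECT`) while `alice` and `carol` are not; the HTTP 500 on the second flagged request is worth surfacing alongside the indicator, because a server error immediately after a quote-bearing search value is a stronger signal than the pattern match alone. Pivoting the hits by user rather than by IP reflects the advisory's threat model: the flaw is only reachable by an authenticated account, so the account, not the address, is the unit to investigate and, if needed, suspend.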
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-04-13T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9843c4522896dcbf32f8
Added to database: 5/21/2025, 9:09:23 AM
Last enriched: 6/23/2025, 6:20:04 AM
Last updated: 7/30/2025, 8:41:04 PM
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (Medium)
CVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad (Medium)
CVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad (High)
CVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad (High)
CVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode (Medium)