
CVE-2022-31061: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi

Medium
Published: Tue Jun 28 2022 (06/28/2022, 17:55:11 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI is a Free Asset and IT Management Software package, covering data center management, ITIL Service Desk, license tracking and software auditing. In affected versions there is a SQL injection vulnerability on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

AI-Powered Analysis

Last updated: 06/23/2025, 04:04:55 UTC

Technical Analysis

CVE-2022-31061 is a SQL injection vulnerability identified in the GLPI software, an open-source IT asset and service management platform widely used for data center management, ITIL service desks, license tracking, and software auditing. The vulnerability affects GLPI versions from 9.3.0 up to but not including 9.5.8, and versions from 10.0.0 up to but not including 10.0.2. The flaw resides in the login page, where improper neutralization of special elements in SQL commands allows an attacker to inject malicious SQL code. Notably, exploitation of this vulnerability does not require any user credentials or authentication, making it accessible to unauthenticated remote attackers. This SQL injection could enable attackers to manipulate backend database queries, potentially leading to unauthorized data disclosure, data modification, or even complete compromise of the underlying database. Since the login page is publicly accessible, the attack surface is broad. There are no known workarounds, and users are strongly advised to upgrade to patched versions as soon as possible. Although no known exploits have been reported in the wild, the vulnerability’s presence in a critical component of GLPI’s authentication mechanism poses a significant risk to organizations relying on this software for IT asset and service management.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial. GLPI is commonly deployed in public sector institutions, educational organizations, and private enterprises for managing IT assets and service desks. Exploitation could lead to unauthorized access to sensitive IT management data, including asset inventories, license information, and service tickets, potentially exposing confidential operational details. Attackers could also manipulate or delete data, disrupting IT operations and service management workflows. Given that the vulnerability allows unauthenticated access to inject SQL commands, attackers might escalate their privileges or pivot to other internal systems, increasing the risk of broader network compromise. This could result in operational downtime, regulatory compliance violations (especially under GDPR if personal data is involved), and reputational damage. The absence of known exploits currently reduces immediate risk, but the ease of exploitation and critical nature of the affected component make timely remediation essential.

Mitigation Recommendations

Organizations should prioritize upgrading GLPI installations to versions 9.5.8 or later and 10.0.2 or later, where the vulnerability has been addressed. Since no workarounds exist, patching is the primary mitigation. Additionally, organizations should implement network-level protections such as web application firewalls (WAFs) configured to detect and block SQL injection attempts targeting the login page. Monitoring and logging of login page access should be enhanced to detect anomalous or suspicious input patterns indicative of injection attempts. Restricting access to the GLPI login interface via IP whitelisting or VPN access can reduce exposure. Regular database backups should be maintained to enable recovery in case of data manipulation. Finally, conducting security assessments and penetration testing focused on GLPI deployments can help identify residual risks and verify the effectiveness of mitigation measures.
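Patching is the primary mitigation, so the first practical step is to find which hosts run an affected build. The following helper is an added example, not part of this advisory or of GLPI itself: it encodes the two affected ranges stated above ([9.3.0, 9.5.8) and [10.0.0, 10.0.2)), parses version strings as they typically appear in inventories, and maps each affected host to the release it must move to. The inventory hostnames and versions are constructed for illustration.

```python
"""Triage GLPI hosts against the CVE-2022-31061 affected ranges (added example)."""
import re
from typing import Dict, Optional, Tuple

# (major, minor, patch, release flag): 1 for a final release, 0 for a pre-release tag.
Version = Tuple[int, int, int, int]

# (first affected, first fixed) per branch, from the analysis above; the fixed
# release itself is not affected, and pre-releases of it are still flagged.
AFFECTED_RANGES = (
    ((9, 3, 0, 0), (9, 5, 8, 1)),
    ((10, 0, 0, 0), (10, 0, 2, 1)),
)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z.]+))?\s*$")


def parse_version(text: str) -> Optional[Version]:
    """Parse '9.5.7', 'v10.0.1' or '10.0.2-rc1'; None if unrecognisable.

    A pre-release tag sorts below its final release, so '10.0.2-rc1' is
    conservatively treated as older than the fixed 10.0.2.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch or 0), 0 if pre else 1


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release for an affected version, else None."""
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised GLPI version: {version!r}")
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= parsed < first_fixed:
            return ".".join(str(n) for n in first_fixed[:3])
    return None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each affected host to the release it must be upgraded to."""
    return {host: fix for host, ver in inventory.items()
            if (fix := fixed_version_for(ver)) is not None}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {"glpi-prod.example": "9.5.7", "glpi-test.example": "10.0.2-rc1",
                    "glpi-legacy.example": "9.2.9", "glpi-new.example": "10.0.2"}
```

Feed `triage` the output of whatever inventory or CMDB export lists GLPI versions; anything it returns is a host still inside an affected range.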


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-05-18T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9844c4522896dcbf35ce

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/23/2025, 4:04:55 AM

Last updated: 8/7/2025, 4:42:13 PM
