
CVE-2022-35946: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi

Medium
Published: Wed Sep 14 2022 (09/14/2022, 17:55:09 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used to access low-level API of Plugin class. An attacker can, for instance, alter database data. Attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script.

AI-Powered Analysis

Last updated: 06/22/2025, 22:36:49 UTC

Technical Analysis

CVE-2022-35946 is a medium-severity SQL Injection vulnerability affecting the GLPI (Gestionnaire Libre de Parc Informatique) software, an open-source IT asset and service management solution widely used for ITIL service desk functions, license tracking, and software auditing. The vulnerability exists in the plugin controller of GLPI versions from 0.72 up to, but not including, 10.0.3.

Specifically, the issue arises because user input in requests is not properly sanitized or validated before being used in SQL commands within the plugin controller. This improper neutralization of special elements (CWE-89) allows an attacker with "General setup" update rights to manipulate SQL queries, potentially altering database contents. The attack vector requires authenticated access with elevated privileges, meaning the attacker must already have some level of administrative rights within the GLPI environment. Exploitation could lead to unauthorized modification of critical data stored in the GLPI database, such as asset records, service tickets, or configuration information, undermining data integrity and potentially impacting IT service management operations. No known exploits have been reported in the wild to date.

The vendor recommends upgrading to GLPI version 10.0.3 or later to remediate the vulnerability. For users unable to upgrade immediately, a temporary mitigation is to remove the vulnerable script file `front/plugin.form.php` to prevent exploitation through this attack vector.

Potential Impact

For European organizations relying on GLPI for IT asset management and service desk operations, this vulnerability poses a risk to the integrity of critical IT management data. An attacker exploiting this flaw could alter database records, potentially disrupting IT service workflows, misrepresenting asset inventories, or corrupting license tracking data. This could lead to operational inefficiencies, compliance issues, and increased risk of further security incidents due to inaccurate IT environment visibility. Since exploitation requires authenticated access with elevated privileges, the threat is primarily from insider threats or attackers who have already compromised lower-level accounts. However, if such access is obtained, the impact on confidentiality is limited but the integrity and availability of IT management data could be significantly affected. This may also indirectly affect business continuity and regulatory compliance, especially in sectors with strict IT governance requirements such as finance, healthcare, and critical infrastructure within Europe.

Mitigation Recommendations

1. Immediate upgrade to GLPI version 10.0.3 or later, which contains the fix for this vulnerability, is the most effective mitigation.
2. For organizations unable to upgrade promptly, remove or restrict access to the `front/plugin.form.php` script to block the vulnerable entry point.
3. Review and tighten user permissions to ensure that only trusted administrators have "General setup" update rights, minimizing the risk of privilege abuse.
4. Implement strong authentication mechanisms and monitor administrative account activities for unusual behavior indicative of compromise.
5. Conduct regular audits of GLPI database integrity and logs to detect unauthorized changes early.
6. Employ network segmentation and access controls to limit exposure of GLPI management interfaces to trusted internal networks only.
7. Maintain up-to-date backups of GLPI data to enable recovery in case of data corruption or tampering.
8. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting GLPI plugin endpoints.
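As an added example (not part of this advisory or of the GLPI project), the following POSIX shell script checks recommendations 1, 2 and 5 against an installation: it classifies a GLPI directory as fixed, mitigated or vulnerable by comparing the installed version with 10.0.3 and looking for `front/plugin.form.php`, and it counts access-log requests to that endpoint for review. It assumes that GLPI's version is declared as `GLPI_VERSION` in `inc/define.php` and that the web server writes a common/combined-format access log; both are assumptions, and the demo data at the bottom is constructed.

```shell
#!/bin/sh
# Added check script (not part of GLPI or the advisory). Assumptions: GLPI's
# inc/define.php contains define('GLPI_VERSION', '...'); the access log is in
# the common/combined web-server log format. Requires sort -V (GNU coreutils).

FIXED_VERSION="10.0.3"   # first release containing the fix for CVE-2022-35946

# Print the installed GLPI version, or nothing if it cannot be read.
glpi_version() {
    sed -n "s/.*define('GLPI_VERSION', *'\([^']*\)'.*/\1/p" "$1/inc/define.php" 2>/dev/null | head -n 1
}

# Succeed (exit 0) when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify one GLPI install directory; prints exactly one of:
#   fixed       version is 10.0.3 or later
#   mitigated   affected version, but front/plugin.form.php has been removed
#   vulnerable  affected version and front/plugin.form.php still present
#   unknown     version could not be determined
assess_install() {
    v="$(glpi_version "$1")"
    if [ -z "$v" ]; then echo unknown; return 0; fi
    if ! version_lt "$v" "$FIXED_VERSION"; then echo fixed; return 0; fi
    if [ -e "$1/front/plugin.form.php" ]; then echo vulnerable; else echo mitigated; fi
}

# Count access-log requests to the affected endpoint; review the matching lines
# afterwards, since only accounts holding "General setup" rights can abuse it.
count_plugin_form_hits() {
    grep -c 'front/plugin\.form\.php' "$1" || true
}

# Demo on constructed data: a fake install and a two-line constructed access log.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/inc" "$demo_dir/front"
echo "define('GLPI_VERSION', '10.0.2');" > "$demo_dir/inc/define.php"
: > "$demo_dir/front/plugin.form.php"
cat > "$demo_dir/access.log" <<'EOF'
192.0.2.10 - - [14/Sep/2022:18:00:01 +0000] "POST /front/plugin.form.php HTTP/1.1" 302 0
192.0.2.11 - - [14/Sep/2022:18:00:02 +0000] "GET /front/central.php HTTP/1.1" 200 512
EOF
echo "install status: $(assess_install "$demo_dir")"                         # vulnerable
echo "plugin.form.php hits: $(count_plugin_form_hits "$demo_dir/access.log")"  # 1
rm -rf "$demo_dir"
```

Run it as `sh check_glpi.sh` after pointing `assess_install` at the real installation directory and `count_plugin_form_hits` at the real access log.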


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-07-15T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9844c4522896dcbf3d26

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 10:36:49 PM

Last updated: 7/30/2025, 11:24:40 PM
