
CVE-2022-35947: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in glpi-project glpi

Medium
Published: Wed Sep 14 2022 (09/14/2022, 17:50:09 UTC)
Source: CVE
Vendor/Project: glpi-project
Product: glpi

Description

GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Affected versions have been found to be vulnerable to an SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration.

AI-Powered Analysis

Last updated: 06/22/2025, 22:36:36 UTC

Technical Analysis

CVE-2022-35947 is a medium-severity SQL injection vulnerability affecting the GLPI (Gestionnaire Libre de Parc Informatique) software, versions 9.1 up to but not including 10.0.3. GLPI is an open-source IT asset and service management solution widely used for ITIL service desk operations, license tracking, and software auditing. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), specifically related to the 'Enable login with external token' API configuration. An attacker exploiting this flaw can inject malicious SQL code to bypass authentication mechanisms, effectively simulating an arbitrary user login without valid credentials. This can lead to unauthorized access to sensitive IT management data and potentially allow further lateral movement within an organization's IT infrastructure. The vulnerability does not require prior authentication but does require that the targeted GLPI instance has the external token login feature enabled. No known exploits have been reported in the wild as of the publication date, but the risk remains significant due to the nature of the flaw. The vendor has addressed the issue in GLPI version 10.0.3, and users are strongly advised to upgrade. For those unable to upgrade immediately, disabling the 'Enable login with external token' API configuration is recommended as a temporary mitigation.
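The flaw class described above, shown as an added illustration that is not GLPI's code: a token-based login lookup that splices the token into the SQL text, beside a hardened version that whitelists the token shape and binds it as a query parameter. The table schema, the 32-hex-character token format and the sample rows are assumptions constructed for this example.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a user table keyed by an
# external API token (hypothetical schema, not GLPI's).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, api_token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "glpi", "a3f1c9d2e4b5a6c7d8e9f0a1b2c3d4e5"),   # constructed token
        (2, "tech", "0123456789abcdef0123456789abcdef"),   # constructed token
    ])
    return conn

# Vulnerable pattern (illustration only): the token is concatenated into the
# SQL string, so quote characters in it change what the WHERE clause means
# and a row can match without the caller knowing any real token.
def login_by_token_vulnerable(conn: sqlite3.Connection, token: str):
    return conn.execute(
        "SELECT id, name FROM users WHERE api_token = '" + token + "'"
    ).fetchone()

# Assumed token shape for this example: exactly 32 lowercase hex characters.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")

# Hardened pattern: reject anything that is not a well-formed token up front,
# then pass the value as a bound parameter so the database driver never
# interprets it as part of the SQL statement.
def login_by_token_hardened(conn: sqlite3.Connection, token: str):
    if not TOKEN_RE.fullmatch(token):
        return None
    return conn.execute(
        "SELECT id, name FROM users WHERE api_token = ?", (token,)
    ).fetchone()
```

The same two checks (format whitelist, then parameter binding) apply to any "login with external token" endpoint; the mitigation of disabling the feature simply removes this code path until the patched version is deployed.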

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on GLPI for IT asset management and service desk operations. Successful exploitation could lead to unauthorized access to critical IT infrastructure data, including asset inventories, user credentials, license information, and service tickets. This unauthorized access could facilitate further attacks such as privilege escalation, data exfiltration, or disruption of IT services. Given that GLPI is often integrated into broader IT management workflows, compromise could affect operational continuity and compliance with data protection regulations such as GDPR. Additionally, organizations in sectors with high regulatory scrutiny (e.g., finance, healthcare, government) could face legal and reputational consequences if sensitive data is exposed or manipulated. The vulnerability's ability to bypass authentication without user interaction increases the risk of automated or targeted attacks, potentially affecting a wide range of organizations across Europe.

Mitigation Recommendations

1. Immediately upgrade to GLPI version 10.0.3 or later to apply the official patch addressing the SQL injection vulnerability.
2. For organizations unable to upgrade promptly, disable the 'Enable login with external token' API configuration to prevent exploitation via this attack vector.
3. Conduct a thorough review of GLPI logs and authentication records to detect any suspicious login attempts or anomalies that could indicate exploitation attempts.
4. Implement network-level access controls to restrict GLPI API access to trusted internal networks or VPNs, minimizing exposure to external attackers.
5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting GLPI endpoints, especially those related to external token login.
6. Regularly audit and monitor GLPI user accounts and permissions to ensure least privilege principles are enforced, limiting potential damage from compromised accounts.
7. Educate IT and security teams about this specific vulnerability and ensure incident response plans include steps for potential GLPI compromise scenarios.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-07-15T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9844c4522896dcbf3d2a

Added to database: 5/21/2025, 9:09:24 AM

Last enriched: 6/22/2025, 10:36:36 PM

Last updated: 7/28/2025, 8:44:24 AM

