{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-29047/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-29047"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["glpi","sqli","cve-2026-29047"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGLPI is a free asset and IT management software package. CVE-2026-29047 affects GLPI versions 10.0.0 up to, but not including, 10.0.24, and 11.0.0 up to, but not including, 11.0.6. An authenticated user can exploit a SQL injection vulnerability in the logs export feature. Successful exploitation could allow an attacker to run arbitrary SQL statements with the privileges of the database account GLPI uses: reading sensitive data, modifying database content and, depending on that account\u0027s privileges, reaching further into the underlying database server. Organizations running vulnerable versions should upgrade the 10.0 branch to 10.0.24 and the 11.0 branch to 11.0.6 as soon as possible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker obtains valid user credentials for a GLPI instance running 10.0.0 to 10.0.23 or 11.0.0 to 11.0.5.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the GLPI web interface with those credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker opens the \u0026ldquo;logs export\u0026rdquo; feature in the GLPI interface.\u003c/li\u003e\n\u003cli\u003eThe attacker places a crafted SQL fragment in a request parameter that the export code uses when building its query. This parameter is not properly sanitized.\u003c/li\u003e\n\u003cli\u003eGLPI assembles the export query with the unsanitized value, so the fragment becomes part of the SQL statement rather than data.\u003c/li\u003e\n\u003cli\u003eThe injected SQL is executed against the GLPI database.\u003c/li\u003e\n\u003cli\u003eThe attacker reads sensitive data from the database or modifies existing data.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates further, potentially gaining control of the underlying database server, depending on the privileges of the database account GLPI uses.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-29047 can expose sensitive information stored in the GLPI database, such as user credentials, asset inventory and IT configuration details. An attacker could modify or delete critical data, disrupt IT operations and potentially gain control over the entire GLPI system. Every organization running a vulnerable GLPI version is exposed, with data breaches and financial losses as the likely outcome.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade GLPI to 10.0.24 (10.0 branch) or 11.0.6 (11.0 branch) to patch CVE-2026-29047 (references: advisory in Overview).\u003c/li\u003e\n\u003cli\u003eImplement database activity monitoring to detect and alert on suspicious SQL queries from the GLPI database account, such as UNION-based reads of the user table or unexpected writes (references: Attack Chain step 6).\u003c/li\u003e\n\u003cli\u003eReview user access controls and enforce the principle of least privilege, for GLPI users and for GLPI\u0027s database account alike, to limit the impact of compromised accounts (references: Attack Chain steps 1 and 8).\u003c/li\u003e\n\u003cli\u003eDeploy the accompanying Sigma rule to detect potential exploitation attempts targeting the logs export feature (references: rules section).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T15:17:07Z","date_published":"2026-04-06T15:17:07Z","id":"/briefs/2026-04-glpi-sqli/","summary":"GLPI versions 
10.0.0 before 10.0.24 and 11.0.0 before 11.0.6 are vulnerable to SQL injection (CVE-2026-29047) via the logs export feature, allowing authenticated users to execute arbitrary SQL statements against the GLPI database.","title":"GLPI SQL Injection Vulnerability (CVE-2026-29047)","url":"https://feed.craftedsignal.io/briefs/2026-04-glpi-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-29047","version":"https://jsonfeed.org/version/1.1"}
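The injection step of the attack chain (steps 4 to 7), modelled as an added example that is not GLPI's code and not taken from the advisory. GLPI is PHP on MySQL/MariaDB; this model runs in Python on an in-memory SQLite database, and the table names `glpi_logs` and `glpi_users`, the `user_name` export filter and the sample rows are assumptions chosen for illustration. The vulnerable handler splices the export filter into the statement text; the fixed handler binds it as a parameter, which is the standard fix for this defect class (the page does not describe how the GLPI patch itself was implemented).

```python
# Added example, not GLPI code: models the logs-export SQL injection on SQLite.
# Table and column names and the sample rows are assumptions for illustration.
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the GLPI schema: a log table plus a user table
    holding password hashes (the data an attacker wants to reach)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE glpi_logs (id INTEGER PRIMARY KEY, user_name TEXT, action TEXT);
        CREATE TABLE glpi_users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO glpi_logs (user_name, action) VALUES
            ('alice', 'login'), ('bob', 'update asset');
        INSERT INTO glpi_users (name, password) VALUES
            ('admin', '$2y$10$hashA'), ('alice', '$2y$10$hashB');
        """
    )
    return conn


def export_logs_vulnerable(conn: sqlite3.Connection, user_filter: str) -> list:
    """The defect class behind CVE-2026-29047: the request parameter is spliced
    into the statement text, so quotes and keywords inside it become SQL."""
    sql = f"SELECT user_name, action FROM glpi_logs WHERE user_name = '{user_filter}'"
    return conn.execute(sql).fetchall()


def export_logs_fixed(conn: sqlite3.Connection, user_filter: str) -> list:
    """Same query with the value bound as a parameter: the driver passes it as
    data, so the payload can only match (or fail to match) a user name."""
    sql = "SELECT user_name, action FROM glpi_logs WHERE user_name = ?"
    return conn.execute(sql, (user_filter,)).fetchall()


# Constructed payload: closes the string literal, appends a UNION that pulls
# password hashes out of another table, and comments out the trailing quote.
# The trailing space after "--" is what MySQL requires for a line comment.
PAYLOAD = "x' UNION SELECT name, password FROM glpi_users-- "


def demo() -> dict:
    """Run a legitimate export and the attack against both handlers."""
    conn = build_db()
    return {
        "legit_vulnerable": export_logs_vulnerable(conn, "alice"),
        "attack_vulnerable": export_logs_vulnerable(conn, PAYLOAD),
        "attack_fixed": export_logs_fixed(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the vulnerable handler the payload returns the `glpi_users` rows instead of log lines, which is the "read sensitive data" outcome of step 7; against the fixed handler it returns nothing, because no user is literally named after the payload. Escaping the value instead of binding it is a weaker fix: it depends on the connection charset and on every call site remembering to do it.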
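A web-log detection for the recommendation bullets, as an added example that is neither GLPI code nor the feed's Sigma rule. It scans constructed Apache-style access-log lines for requests to a logs-export endpoint whose parameter values carry SQL injection markers. The `/front/log.php` path and the `export` and `filter` parameters are assumptions standing in for the real route, and all five log lines are constructed.

```python
# Added example, not GLPI code or a CraftedSignal rule: flags SQL-injection
# payloads aimed at a logs-export endpoint in web-server access logs.
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines (Apache combined-style). The /front/log.php path and
# the export/filter parameters are assumptions, not GLPI's actual routes.
SAMPLE_LOG = """\
10.0.0.5 - alice [06/Apr/2026:15:10:01 +0000] "GET /front/log.php?export=csv&filter=alice HTTP/1.1" 200 5120
10.0.0.9 - mallory [06/Apr/2026:15:11:42 +0000] "GET /front/log.php?export=csv&filter=x%27+UNION+SELECT+name%2Cpassword+FROM+glpi_users--+ HTTP/1.1" 200 8870
10.0.0.9 - mallory [06/Apr/2026:15:12:03 +0000] "GET /front/log.php?export=csv&filter=x%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 60
10.0.0.7 - bob [06/Apr/2026:15:13:20 +0000] "GET /front/computer.php?id=42 HTTP/1.1" 200 2210
10.0.0.7 - bob [06/Apr/2026:15:14:05 +0000] "GET /front/log.php?export=csv&filter=O%27Brien HTTP/1.1" 200 3000
"""

# One access-log line: client, user, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Injection markers: a quote followed by a SQL keyword or comment opener,
# a UNION SELECT, time-based probes, or schema enumeration. The \b after the
# keywords keeps legitimate apostrophes such as O'Brien from matching.
SQLI_RE = re.compile(
    r"""(?i)['"]\s*(?:(?:or|and|union)\b|--|#|/\*)"""
    r"""|\bunion\s+(?:all\s+)?select\b|\b(?:sleep|benchmark)\s*\(|\binformation_schema\b"""
)


def is_logs_export(path: str, params: dict) -> bool:
    """Assumed shape of the export request: the log page plus an export parameter."""
    return path.endswith("/log.php") and "export" in params


def scan(log_text: str) -> list:
    """Return one finding per request that targets the export endpoint with a
    parameter value carrying SQL-injection markers."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes and turns '+' into spaces, so the regex
        # sees the payload the way the application did.
        params = dict(parse_qsl(url.query, keep_blank_values=True))
        if not is_logs_export(url.path, params):
            continue
        for name, value in params.items():
            if SQLI_RE.search(value):
                findings.append({
                    "ip": m["ip"], "user": m["user"], "ts": m["ts"],
                    "param": name, "value": value,
                })
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['user']}@{hit['ip']} {hit['param']}={hit['value']!r}")
```

Both of mallory's requests are flagged (a UNION read and a time-based probe) and the apostrophe in bob's filter is not. Two caveats a practitioner should keep in mind: the scan only sees query strings, so an export submitted by POST leaves no payload in the access log, which is why the advisory also recommends monitoring at the database; and keyword heuristics like this one are a triage filter, not proof of exploitation, so pair a hit with the response size or the database query log before escalating.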