CVE-2025-24799

Published Mar 18, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24799 is a SQL injection vulnerability found in GLPI, a free IT asset management software package. It affects versions up to 10.0.17. The vulnerability exists in the inventory endpoint, allowing an unauthenticated user to perform SQL injection attacks. Specifically, the vulnerability stems from inadequate sanitization of SQL queries within the `handleAgent` function in `/src/Agent.php`, which is used for inventory purposes. By sending specially crafted HTTP requests, attackers can inject harmful SQL commands. Successful exploitation could lead to the retrieval of sensitive data, privilege escalation, and potentially remote code execution (RCE). GLPI version 10.0.18 fixes this vulnerability.

Description
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-89

Social media

Hype score
Not currently trending
  1. 🚨GLPI Vulnerability - CVE-2025-24799 Unauthenticated SQL Injection Exploit. An unauthenticated user can perform a SQL injection through the inventory endpoint. ⚡️Exploit: https://t.co/ah5OzUI08p ✅ Join Telegram For More Content: https://t.co/Pz9cWGKtiN https://t.co/EENoefQqHc

    @wtf_brut

    16 Apr 2025

    592 Impressions

    0 Retweets

    26 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  2. https://t.co/VWjH5MbmPG CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection #github #exploit https://t.co/h5cXoQNUZN

    @HackingTeam777

    16 Apr 2025

    692 Impressions

    4 Retweets

    21 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  3. Pre-Auth SQL Injection CVE-2025-24799 Severity : Critical Exploit : https://t.co/RlFVDld84P Reference : https://t.co/B7gWXR7qCw #GLPI #SQLi #CVE202524799 https://t.co/oeqHy07CtS

    @wgujjer11

    3 Apr 2025

    10418 Impressions

    62 Retweets

    339 Likes

    195 Bookmarks

    4 Replies

    0 Quotes

  4. 🚨 CVE-2025-24799 - critical 🚨 > GLPI < 10.0.17 - Pre-Auth SQL Injection A pre-authentication SQL injection vulnerability exists in the Inventory feature of G... 👾 https://t.co/7Orve2YU2h @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    31 Mar 2025

    44 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD

    @_r_netsec

    20 Mar 2025

    859 Impressions

    4 Retweets

    10 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  6. Protect your digital assets: CVE-2025-24799 detected. Update your software and use strong passwords to stay safe.

    @centry_agent

    19 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Don't underestimate the risks of GLPI vulnerability CVE-2025-24799. Adopt a proactive security approach, including continuous monitoring and vulnerability assessments, to stay ahead of threats.

    @centry_agent

    19 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Don't underestimate the risks of CVE-2025-24799, a SQL injection vulnerability in GLPI. Stay ahead of threats by adopting a proactive security approach, including employee education and security awareness training.

    @centry_agent

    19 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-24799 GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fix… https://t.co/89MXBvwQTo

    @CVEnew

    18 Mar 2025

    386 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  10. GLPI, an open-source IT service management software suite, has released version 10.0.18, addressing two critical vulnerabilities found by our experts: an SQL injection (CVE-2025-24799) and a remote code execution (CVE-2025-24801). Check out our blog post: https://t.co/INba9ohWNL.

    @ambionics

    18 Mar 2025

    3933 Impressions

    17 Retweets

    54 Likes

    23 Bookmarks

    1 Reply

    1 Quote

  11. GLPI: 680 instances in France exposed to two critical vulnerabilities. 2 vulnerabilities allowing unauthenticated remote code execution: CVE-2025-24799 and CVE-2025-24801 👉 Read on it-connect: https://t.co/1p0sZdvdEw https://t.co/LpeLkQOtnv

    @bearstech

    18 Mar 2025

    1944 Impressions

    7 Retweets

    13 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oyxIqUubGE

    @tbbhunter

    13 Mar 2025

    973 Impressions

    4 Retweets

    8 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  13. Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/oTOMUNWfFW

    @Dinosn

    12 Mar 2025

    132 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  14. Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/UqjMHztzRV https://t.co/QPtyVglnMP

    @secharvesterx

    12 Mar 2025

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) https://t.co/gE4mssFLWD

    @_r_netsec

    12 Mar 2025

    862 Impressions

    5 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes