{"uuid": "2002296b-dd57-45e0-b127-feeaa53cc204", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)", "description": "Ref: [https://blog.lexfo.fr/glpi-sql-to-rce.html](https://blog.lexfo.fr/glpi-sql-to-rce.html)\n\nSeveral GLPI instances have been identified during Red Team engagements. The software is popular with French-speaking companies, some of those even expose their instances directly on the Internet. GLPI has been historically known to harbor multiple easy-to-find vulnerabilities, and because it is often connected to an Active Directory, finding a vulnerability on this application for Red Team engagements or internal infrastructure audits could lead to initial access to the internal network and the recovery of an active directory account.\n\n- 2024-12-25 - Discovery of the vulnerability\n-  2025-01-28 - Report of the vulnerability through Github Advisories\n- 2025-01-28 - GLPI validates the report and assigns CVE-2025-24801 (ex\u00e9cution de code \u00e0 distance)\n- 2025-01-28 - GLPI validates the report and assigns CVE-2025-24799 (injection SQL)\n-  2025-02-12 - Release patched version 10.0.18\n-  2025-03-12 - Article released", "creation_timestamp": "2025-03-13T09:40:21.398312+00:00", "timestamp": "2025-03-13T09:40:21.398312+00:00", "related_vulnerabilities": ["CVE-2025-24799", "CVE-2025-24801"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}