PT-2025-7036 · Glpi · Glpi

Published: 2025-01-23 · Updated: 2025-07-31

CVE-2025-24799

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

GLPI versions prior to 10.0.18

**Description:**

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the `/inventory` endpoint. The vulnerability is due to improper neutralization of special elements used in SQL queries.

**Recommendations:**

GLPI versions prior to 10.0.18: Upgrade to version 10.0.18 or later to resolve this issue.

Exploit

Fix

Unrestricted File Upload

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-03181
BDU:2025-03182
CVE-2025-24799
GHSA-JV89-G7F7-JWFG

Affected Products

Glpi