Created on 2025-03-13 09:40 and updated on 2025-03-13 09:40.

Description

Ref: https://blog.lexfo.fr/glpi-sql-to-rce.html

Several GLPI instances have been identified during Red Team engagements. The software is popular with French-speaking companies, and some of them even expose their instances directly on the Internet. GLPI has historically been known to harbor multiple easy-to-find vulnerabilities, and because it is often connected to an Active Directory, a vulnerability found in this application during Red Team engagements or internal infrastructure audits could lead to initial access to the internal network and the recovery of an Active Directory account.

  • 2024-12-25 - Discovery of the vulnerability
  • 2025-01-28 - Report of the vulnerability through GitHub Advisories
  • 2025-01-28 - GLPI validates the report and assigns CVE-2025-24801 (remote code execution)
  • 2025-01-28 - GLPI validates the report and assigns CVE-2025-24799 (SQL injection)
  • 2025-02-12 - Release of patched version 10.0.18
  • 2025-03-12 - Article released

Vulnerabilities included in this bundle

Author

Alexandre Dulaunoy

Combined sightings