# GLPI allows unauthenticated SQL injection through the inventory endpoint
## Overview
GLPI is free asset management and IT management system software. It contains a vulnerability that lets an unauthenticated user perform SQL injection through the inventory endpoint.
## Affected versions
- The vulnerability is fixed in GLPI 10.0.18; releases before 10.0.18 are affected.
## Details
An unauthenticated attacker can inject SQL through GLPI's inventory endpoint, the endpoint that receives agent inventory submissions. No account is needed, so the only precondition is network access to the GLPI instance. A successful injection lets the attacker read or alter sensitive data held in the database.
## Impact
- Information disclosure: an attacker may read sensitive data stored in the database.
- Data tampering: an attacker may modify or delete data in the database.
## Public PoCs
| # | PoC description | Source link |
|---|---|---|
| 1 | None | https://github.com/realcodeb0ss/CVE-2025-24799-PoC |
| 2 | None | https://github.com/MuhammadWaseem29/CVE-2025-24799 |
| 3 | A pre-authentication SQL injection vulnerability exists in the Inventory feature of GLPI. The vulnerability is caused by insufficient sanitization of user input in the handleAgent function when processing XML requests. The issue occurs because SimpleXMLElement objects can bypass the dbEscapeRecursive function, allowing an attacker to inject SQL queries. This can lead to unauthorized access to sensitive information in the database, including user credentials and potential authentication bypass. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24799.yaml |
| 4 | CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection | https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799 |
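The root cause named in row 3 of the table above is a type-confusion bug in an escaping routine: a recursive escaper that branches on `is_string` and `is_array` and returns anything else untouched will hand a `SimpleXMLElement` node straight through, and the node is only turned into text later, when the query string is built. The following is an added example, not GLPI's code, that reproduces that pattern in miniature and shows a hardened variant beside it. `escapeRecursiveVulnerable`, `escapeRecursiveFixed` and `buildAgentLookup` are hypothetical names, `addslashes()` stands in for the real database escaping call, the `glpi_agents`/`deviceid` table and column are assumed, and the agent-style XML request is constructed for the example rather than captured.

```php
<?php
declare(strict_types=1);

// Added example, not GLPI's code. A simplified stand-in for a recursive
// escaper that escapes strings and recurses into arrays but returns every
// other type untouched. addslashes() stands in for the real DB escaping call.
function escapeRecursiveVulnerable(mixed $value): mixed
{
    if (is_array($value)) {
        return array_map('escapeRecursiveVulnerable', $value);
    }
    if (is_string($value)) {
        return addslashes($value);
    }
    // ints, floats, null ... and objects such as SimpleXMLElement nodes
    // all fall through here without being escaped.
    return $value;
}

// Hardened variant (assumed fix pattern, not GLPI's actual patch): any object
// that can be converted to a string is normalised to a real PHP string before
// the escaping branch runs, so an XML node can no longer skip it.
function escapeRecursiveFixed(mixed $value): mixed
{
    if (is_object($value) && method_exists($value, '__toString')) {
        $value = (string) $value;
    }
    if (is_array($value)) {
        return array_map('escapeRecursiveFixed', $value);
    }
    if (is_string($value)) {
        return addslashes($value);
    }
    return $value;
}

// Hypothetical query builder that interpolates the value the way a
// string-concatenated lookup does; table and column names are assumed.
function buildAgentLookup(mixed $deviceid): string
{
    // Interpolating an object calls its __toString(); for a SimpleXMLElement
    // that yields the raw element text, which is how an unescaped node ends
    // up inside the SQL.
    return "SELECT id FROM glpi_agents WHERE deviceid = '$deviceid'";
}

// Constructed agent-style inventory request (not a captured one). The
// DEVICEID value closes the quoted literal and appends an always-true clause.
$xml = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<REQUEST>
  <DEVICEID>agent-01' OR '1'='1</DEVICEID>
  <QUERY>INVENTORY</QUERY>
</REQUEST>
XML;

$request  = new SimpleXMLElement($xml);
$deviceid = $request->DEVICEID;   // a SimpleXMLElement node, not a PHP string

echo "vulnerable: " . buildAgentLookup(escapeRecursiveVulnerable($deviceid)) . "\n";
echo "hardened:   " . buildAgentLookup(escapeRecursiveFixed($deviceid)) . "\n";
```

Run with the `php` CLI: the vulnerable line shows the attacker's quote landing inside the query unmodified, while the hardened line shows it backslash-escaped. The cast is a minimal fix for the type confusion; the durable fix is to bind the value as a parameter of a prepared statement so it is never interpolated into SQL text at all. As a code-review check, look for escaping helpers that decide what to do based on `is_string`/`is_array` and return everything else unchanged, and trace whether any object that implements `__toString` (XML nodes, DTOs, wrapped values) can reach them from request parsing.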
## References
- Unauthenticated SQL injection through the inventory endpoint · Advisory · glpi-project/glpi · GitHub (source link; tag: x_refsource_CONFIRM)