Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| glpi-project | glpi | >= 10.0.0, < 10.0.18 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/realcodeb0ss/CVE-2025-24799-PoC | POC Details |
| 2 | None | https://github.com/MuhammadWaseem29/CVE-2025-24799 | POC Details |
| 3 | A pre-authentication SQL injection vulnerability exists in the Inventory feature of GLPI. The vulnerability is caused by insufficient sanitization of user input in the handleAgent function when processing XML requests. The issue occurs because SimpleXMLElement objects can bypass the dbEscapeRecursive function, allowing an attacker to inject SQL queries. This can lead to unauthorized access to sensitive information in the database, including user credentials and potential authentication bypass. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24799.yaml | POC Details |
| 4 | CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection | https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799 | POC Details |
| 5 | None | https://github.com/galletitaconpate/CVE-2025-24799 | POC Details |
| 6 | None | https://github.com/nak000/CVE-2025-24799-sqli | POC Details |
| 7 | CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection | https://github.com/Rosemary1337/CVE-2025-24799 | POC Details |
| 8 | Scanner for GLPI CVE-2025-24799 vulnerability | https://github.com/airbus-cert/CVE-2025-24799-scanner | POC Details |
No public POC found.
Login to generate AI POCNo comments yet