CVE Daily

CVE-2025-24799

GLPI is a free asset and IT management software package. An unauthenticated user...

High CVSS 7.5

Overview

GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

CWE: CWE-89 Published: 2025-03-18T19:15:48.927
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: sql, unauth_access (tag impact: HIGH)

Recommended actions:

  • Use parameterized queries/ORM (avoid string concatenation).
  • Add WAF rules and input validation.
  • Enforce authentication/authorization; reduce default endpoint exposure.

Recommended tools

Tags