Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799 /CVE-2025-24801)

https://blog.lexfo.fr/glpi-sql-to-rce.html

GLPI: "The most complete open source service management software"

@buherator It's so complete that it comes with the usual trivial to find vulnerabilities you would expect from enterprise software!

@joxean @buherator They’re getting better, password reset tokens used to be stored in clear in the database so SQLi would let you takeover admin accounts. But still a long way to go :)

@swapgs @buherator lol