Unrated severityNVD Advisory· Published Mar 18, 2025· Updated Mar 18, 2025
GLPI allows authenticated remote code execution
CVE-2025-24801
Description
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<10.0.18+ 1 more
- (no CPE)range: <10.0.18
- (no CPE)range: >= 0.85, < 10.0.18
Patches
Vulnerability mechanics
References
1- github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.