NOMISEC-fatkz/CVE-2025-24801

NOMISEC WORKING POC
Exploit for CVE-2025-24801 - Glpi < 10.0.18 - Unrestricted File Upload
AI Analysis

This PoC exploits CVE-2025-24801, an LFI-to-RCE vulnerability in GLPI 10.0.17 by enabling PHP uploads and uploading a reverse shell. It automates login, document type manipulation, and file upload via AJAX endpoints.

Attack Type: RCE
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1505 - Server Software Component
Source
Platform: Nomisec
Type: poc
Files: 3
Stars: 3
Forks: 1
Last Push: May 07, 2025
Authors: fatkz
Vulnerability
CVE-2025-24801 - Glpi < 10.0.18 - Unrestricted File Upload
HIGH, CVSS 8.5