CVE-2025-24801 Information

Description

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555