nflatrea/CVE-2025-66417
GitHub: nflatrea/CVE-2025-66417
PoC verification script for a blind SQL injection vulnerability in the GLPI asset management system; the unauthenticated injection is delivered through an XML payload to the inventory endpoint.
Stars: 0 | Forks: 0
### CVE-2025-66417 PoC
```
__/\\___
(_ __))
/ ._))//
/: ._))\\
\ ____//
\//
. . . . CVE-2025-66417 PoC
. . . . GLPI Blind SQL Injection via XML Payload
. . . . beemo
GLPI has an unauthenticated SQL injection through the inventory endpoint
From 11.0.0, < 11.0.3, an unauthenticated user can perform a
SQL injection through the inventory endpoint.
This vulnerability is fixed in 11.0.3.
Usage:
python3 cve-2025-66417.py
Example:
python3 cve-2025-66417.py http://example.com/front/inventory.php
```
Tags: CISA project, CVE-2025-66417, GLPI, Inventory Endpoint, Maven, OCS Inventory, PNNL lab, PoC, Python, XML attack, no backdoor, brute force, unauthorized access, vulnerability verification, blind injection, cybersecurity, asset management system, missing input validation, remote code execution basics, reverse engineering tool, privacy protection