CVE-2025-24799
GLPI pre-auth SQL injection in the Inventory feature affects versions up to 10.0.17 due to insufficient sanitization of XML input in handleAgent, where SimpleXMLElement objects can bypass dbEscapeRecursive and allow arbitrary SQL via the inventory endpoint. Impact: unauthenticated access to data....