Posted by Stiehl on Feb 18

Multiple vulnerabilities have been identified in GLPI
(http://www.glpi-project.org).

1/ Arbitrary file upload
Severity: Important

Versions Affected
===========
All versions between 0.85 and 0.85.2

Description
=======
When an user wants to create a new ticket, he has the possibility to add
an attachment. If for example he wants to add a file named “test.php”
with or without adding the ticket, the file will be temporary uploaded
to…