GLPI version 0.85.5 suffers from a file upload filter bypass vulnerability that allows for remote code execution.