CVE-2015-7684
GLPI before 0.85.3 is vulnerable to an unrestricted file upload: remote authenticated users can attach an executable file to a ticket and access it via files/_tmp/ to execute arbitrary code. Root cause is improper handling of uploaded attachments allowing direct file access. No patch/version deta...