CVE-2015-7685
CVE-2015-7685 affects GLPI before 0.85.3. A remote authenticated user can escalate privileges by abusing the create user path and the _profiles_id parameter in front/user.form.php to create a super-admin account. The root cause is improper handling of permissions when creating users via that form...