GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities.
eff44306fe558c9ddee7deaada237abd8335437f7528971070868f8ecce632f6
Mandriva Linux Security Advisory 2013-240 - Multiple security vulnerabilities exist due to improper sanitation of user input in GLPI versions prior to 0.83.9, 0.83.91, and 0.84.2. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.
4d3c00a2edfe641cebcea5516c934560c44649ada453ccf113b27403bf71b449
This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at his own risk, since it's going to overwrite database configuration.
79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1