CVE-2015-7685 Information

Description

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

Reference

http://seclists.org/fulldisclosure/2015/Feb/71 http://www.glpi-project.org/spip.php?page=annonce&id_breve=338 https://forge.glpi-project.org/issues/5218