GLPI prior to 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
glpi-project glpi