GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.
View the template here CVE-2022-35914.yaml
References:
https://senderend.medium.com/pg-practice-box-deep-dive-glpi-c3a1cf1520f8