Vulnerabilities > Osticket > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-24881 | Server-Side Request Forgery (SSRF) vulnerability in Osticket SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. | 9.8 |
| 2017-10-23 | CVE-2017-15580 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket 1.10.1 osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. | 9.8 |
| 2017-09-12 | CVE-2017-14396 | SQL Injection vulnerability in Osticket 1.10 In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | 9.8 |