Description SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Remediation References CVE-2020-24881 Related Vulnerabilities WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Cross-Site Scripting (3.1.2) MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4573) WordPress Plugin WP Symposium Multiple Vulnerabilities (14.05.02) Oracle Database Server CVE-2010-2407 Vulnerability (CVE-2010-2407) WordPress Plugin Social Rocket-Social Sharing Cross-Site Request Forgery (1.2.9) Severity Critical Classification CVE-2020-24881 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities