Description SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Remediation References CVE-2020-24881 Related Vulnerabilities Oracle HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-21716) Oracle JRE CVE-2024-20919 Vulnerability (CVE-2024-20919) WordPress Plugin Relevanssi-A Better Search SQL Injection (3.6.0) WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9) IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-29701) Severity Critical Classification CVE-2020-24881 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities