Description SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Remediation References CVE-2020-24881 Related Vulnerabilities WordPress Plugin Zephyr Project Manager Multiple Vulnerabilities (3.2.42) SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28956) WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4) MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-32036) WordPress Plugin Contact Form Email Cross-Site Scripting (1.3.24) Severity Critical Classification CVE-2020-24881 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities