osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.099
EPSS Ranking 95.0%