osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote malicious users to upload a file of any size.
osticket osticket sts