SSRF exists in osTicket prior to 1.14.3, where an attacker can add malicious file to server or perform port scanning.
osticket osticket