Session Fixation vulnerability in in function login in class.auth.php in osTicket up to and including 1.16.2.
enhancesoft osticket