osTicket - Unauthenticated Arbitrary File Upload and Remote Code Execution via Ticket Attachment
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.