SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Sentiment · trusted sources
synthesissevere-fallout-0.50
Negative sentiment due to critical SSRF vulnerability in osTicket allowing file upload and port scanning, though sources are generic databases rather than direct vendor condemnation.