osTicket

Introduction

  • Open-source support ticketing system

  • The core function of osTicket is to inform a company's employees about a problem with a service or other component so that it can be resolved

  • osTicket version 1.14.1 is affected by CVE-2020-24881, an SSRF vulnerability. If exploited, this type of flaw may be leveraged to gain access to internal resources or perform internal port scanning.

  • Aside from web application-related vulnerabilities, support portals can sometimes be used to obtain an email address on a company domain, which can then be used to sign up for other exposed applications that require email verification.
