SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.