osTicket Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 39html39 files with associated formats. However it does not properly validate the uploaded file39s contents and thus accepts any type of file such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.