2004-06-30 04:00:00
mitre
PUBLISHED
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.