CVE-2021-28023

Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt