D3V11

**Name of the Vulnerable Software and Affected Versions** osTicket version 1.6 **Description** A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) in the `file` parameter to "module.php". This issue has been disputed by a reliable third party. **Recommendations** For osTicket version 1.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.