CVE-2021-28023
CVE-2021-28023 affects ServiceTonic Helpdesk software prior to version 9.0.35937. An arbitrary file upload vulnerability exists in the Service import feature, allowing a malicious user to execute JSP code by uploading a ZIP that extracts files using relative paths. Root cause: extraction of archi...