An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Published October 7, 2021.
Zammad Zammad
