PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.