CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an access-control flaw in ajax.php: the AJAX dispatcher may invoke administrative actions in admin_class.php without authentication/authorization checks, based on the action parameter. This allows an unauthenticated remote attacker to perform se...

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...

AI Agents Are Becoming Authorization Bypass Paths

Not long ago, AI agents were harmless. They wrote snippets of code. They answered questions. They helped individuals move a little faster. Then organizations got ambitious. Instead of personal copilots, companies started deploying shared organizational AI agents - agents embedded into HR, IT,...

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

CVE-2023-49977

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...

CVE-2023-49546

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customersupport/ajax.php...

CVE-2023-49979

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

CVE-2023-49548

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

CVE-2023-49544

A local file inclusion LFI in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customersupport/index.php...

CVE-2023-49976

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

CVE-2023-49545

A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...

CVE-2023-49978

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

CVE-2023-49969

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/index.php?page=editcustomer...

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams

Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from givin...

The importance of hardening customer support tools against cyberattacks

The Deputy CISO blog series is whereMicrosoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

The importance of hardening customer support tools against cyberattacks

The Deputy CISO blog series is whereMicrosoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...