16 matches found
CVE-2023-49979
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49973
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...
Cross-site scripting
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...
CVE-2023-49971
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...
SQL injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customersupport/ajax.php...
SQL injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...
SQL injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/index.php?page=editcustomer...
SQL injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...
CVE-2023-49970
Affected software: Customer Support System v1. The vulnerability is a SQL injection in the subject parameter of /customer_support/ajax.php?action=save_ticket. Root cause: lack of validation of externally-entered SQL statements via the subject parameter. Impact: high confidentiality, integrity, an...
CVE-2023-49968
The CVE-2023-49968 entry covers a SQL injection in Customer Support System v1, exploitable via the id parameter on /customer_support/manage_department.php. The issue is caused by insufficient input validation in that parameter, allowing an attacker to alter SQL query logic and potentially access ...
Authorization
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49545
CVE-2023-49545 affects the Customer Support System v1. The vulnerability is a directory listing flaw that allows an attacker to enumerate directories and sensitive files without requiring authorization. The provided connected sources corroborate this description across multiple feeds (NVD/Red Hat...
CVE-2023-24231
CVE-2023-24231: A stored cross-site scripting (XSS) vulnerability exists in the Inventory Management System v1, specifically in the component at /php-inventory-management-system/categories.php. The issue arises when a crafted payload is injected into the Categories Name parameter, allowing an at...
CVE-2021-41659
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...
SQL injection
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...
SQL injection
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication...