CVE-2026-8629
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...
CVE-2026-5325
CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting. Remote exploitation is possible, and the exploit has...
CVE-2025-40977 Multiple vulnerabilities in WorkDo products
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...
WorkDo HRMGo cross-site scripting vulnerability
WorkDo HRMGo is a human resource management platform from WorkDo Inc. in the United States. WorkDo HRMGo suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the subject and description parameters when sending a POST request to /store-ticket,...
PT-2026-1800
Name of the Vulnerable Software and Affected Versions: WorkDo eCommerceGo, affected versions not specified. Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /store-ticket API...
CVE-2023-53935
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...
EUVD-2025-204350
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...
PT-2025-52314
Name of the Vulnerable Software and Affected Versions: WBiz Desk version 1.2. Description: A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQ...
Kashipara Bus Ticket Reservation System security vulnerability
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from /deleteTicket.php not adequately verifying that the request comes from a trusted user, and can be...
PT-2024-30136 · Unknown · Kashipara Bus Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 0 Description: The issue concerns Incorrect Access Control, allowing unauthorized actions via the "/deleteTicket.php" API endpoint. This enables unauthorized booking deletions due to broken...
PT-2024-21915 · Leantime · Leantime
Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: The issue allows for HTML Injection via the /dashboard/show/tickets/newTicket API endpoint. Recommendations: For Leantime version 3.0.6, update to a version that fixes this issue, however at the moment, the...
CVE-2023-49970
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...
PT-2024-20896 · Unknown · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 1.0 Description: The issue is related to a SQL Injection vulnerability in the /zms/admin/edit-ticket.php file. This vulnerability can be exploited via the tickettype and tprice parameters...
CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...
CVE-2023-3834
A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be...
PT-2023-26340 · Unknown · Bug Finder Listplace Directory Listing Platform
Name of the Vulnerable Software and Affected Versions: Bug Finder Listplace Directory Listing Platform version 3.0 Description: A vulnerability was found in the HTTP POST Request Handler component, specifically affecting some unknown functionality of the file /listplace/user/ticket/create. The...