19 matches found
CVE-2023-49968
The CVE-2023-49968 entry covers a SQL injection in Customer Support System v1, exploitable via the id parameter on /customer_support/manage_department.php. The issue is caused by insufficient input validation in that parameter, allowing an attacker to alter SQL query logic and potentially access ...
CVE-2023-49544
CVE-2023-49544 describes a Local File Inclusion (LFI) in Customer Support System v1, exploitable via the page= parameter in /customer_support/index.php to include internal PHP files and gain unauthorized access. Documented impact: confidentiality of internal files is H, with no indicated impact o...
CVE-2023-49545
CVE-2023-49545 affects the Customer Support System v1. The vulnerability is a directory listing flaw that allows an attacker to enumerate directories and sensitive files without requiring authorization. The provided connected sources corroborate this description across multiple feeds (NVD/Red Hat...
CVE-2023-49548
CVE-2023-49548 affects the open-source “Customer Support System v1” and is a SQL injection vulnerability via the lastname parameter on /customer_support/ajax.php?action=save_user. The linked documents consistently describe a SQL injection that could leak data and do not provide a concrete remedia...
CVE-2023-49547
CVE-2023-49547 concerns a SQL injection in Customer Support System v1. The vulnerability exists in the login path: /customer_support/ajax.php?action=login, via the username parameter, enabling potentially unauthorized data access. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with a...
CVE-2023-49546
CVE-2023-49546 affects Customer Support System v1 . The vulnerability is a SQL injection in the email parameter of /customer_support/ajax.php, caused by lack of input validation. The CVSS v3.1 score is 8.8 (High) with network attack vector, low attack complexity, and no user interaction required;...
CVE-2023-49976
Summary: CVE-2023-49976 is an XSS vulnerability in Customer Support System v1. The flaw allows arbitrary web scripts/HTML to be executed via a crafted payload in the subject parameter on the /customer_support/index.php?page=new_ticket page. Primary affected component: the subject field used durin...
CVE-2023-49971
CVE-2023-49971 describes a cross-site scripting (XSS) vulnerability in the Customer Support System v1, exploitable via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. Multiple connected sources (NVD, Red Hat, CNVD, CVE List, CNVD CNVD, PR...
CVE-2023-49974
CVE-2023-49974 concerns a cross-site scripting (XSS) vulnerability in the proprietary product Customer Support System v1 . The issue arises from insufficient input filtering/escaping, enabling an attacker to inject arbitrary web scripts or HTML via the crafted payload placed in the contact parame...
CVE-2023-49977
CVE-2023-49977 is an XSS vulnerability in Customer Support System v1. A crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer can cause arbitrary web scripts/HTML to execute due to insufficient input filtering/escaping. The affected software is the C...
CVE-2023-49969
Vulnerability summary : Customer Support System v1 suffers from a SQL injection in the id parameter of /customer_support/index.php?page=edit_customer. The root cause is a lack of validation of the id parameter, allowing crafted input to alter SQL statements and potentially access data. Impact and...
CVE-2023-49973
CVE-2023-49973 is a documented cross-site scripting (XSS) vulnerability in the open-source-like Customer Support System v1 . The issue stems from insufficient input validation/escaping in the parameter email used at the endpoint /customer_support/index.php?page=customer_list, allowing attackers t...
CVE-2023-49970
Affected software: Customer Support System v1. The vulnerability is a SQL injection in the subject parameter of /customer_support/ajax.php?action=save_ticket. Root cause: lack of validation of externally-entered SQL statements via the subject parameter. Impact: high confidentiality, integrity, an...
CVE-2023-51281
CVE-2023-51281 affects the Customer Support System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows a remote attacker to escalate privileges via crafted inputs for fields such as firstname, lastname, middlename, contact, and address. Affected component details and exact ro...
CVE-2023-49978
CVE-2023-49978 concerns an improper access control in the Customer Support System v1, where non-administrator users can access administrative pages and perform actions reserved for admins. Documents confirm the affected software and root cause as insufficient access restrictions on admin interfac...
CVE-2023-50070
CVE-2023-50070 affects Sourcecodester Customer Support System 1.0. It reports multiple SQL injection vulnerabilities in the endpoint /customer_support/ajax.php?action=save_ticket, exploitable via the parameters department_id , customer_id , and subject . The consolidated sources describe the vuln...
CVE-2025-40729
CVE-2025-40729 affects Customer Support System v1.0; a reflected XSS in /customer_support/index.php via the page parameter enables remote attackers to run arbitrary code. Public sources (NVD/Red Hat/CVE lists) confirm the vulnerability and its impact as described; exploitation details, affected v...
CVE-2025-40728
CVE-2025-40728 affects Customer Support System v1.0. SQL injection via the id parameter in /customer_support/manage_user.php enables an authenticated attacker to retrieve, create, update, and delete databases. The advisories describe high impact (confidentiality/integrity/availability) with low a...
CVE-2025-70141
The CVE-2025-70141 issue affects SourceCodester Customer Support System 1.0, where ajax.php’s dispatcher is missing authentication/authorization before invoking administrative methods in admin_class.php based on the action parameter. This allows an unauthenticated remote attacker to perform sensi...