Lucene search
K
Oretnom23Customer Support System

19 matches found

CVE
CVE
added 2024/03/04 12:0 a.m.93 views

CVE-2023-49968

The CVE-2023-49968 entry covers a SQL injection in Customer Support System v1, exploitable via the id parameter on /customer_support/manage_department.php. The issue is caused by insufficient input validation in that parameter, allowing an attacker to alter SQL query logic and potentially access ...

7.3CVSS8.1AI score0.00456EPSS
Web
CVE
CVE
added 2024/03/01 12:0 a.m.75 views

CVE-2023-49544

CVE-2023-49544 describes a Local File Inclusion (LFI) in Customer Support System v1, exploitable via the page= parameter in /customer_support/index.php to include internal PHP files and gain unauthorized access. Documented impact: confidentiality of internal files is H, with no indicated impact o...

4.9CVSS6.8AI score0.00766EPSS
Web
CVE
CVE
added 2024/03/01 12:0 a.m.73 views

CVE-2023-49545

CVE-2023-49545 affects the Customer Support System v1. The vulnerability is a directory listing flaw that allows an attacker to enumerate directories and sensitive files without requiring authorization. The provided connected sources corroborate this description across multiple feeds (NVD/Red Hat...

7.5CVSS6.6AI score0.00776EPSS
CVE
CVE
added 2024/03/04 12:0 a.m.65 views

CVE-2023-49548

CVE-2023-49548 affects the open-source “Customer Support System v1” and is a SQL injection vulnerability via the lastname parameter on /customer_support/ajax.php?action=save_user. The linked documents consistently describe a SQL injection that could leak data and do not provide a concrete remedia...

8.8CVSS8.1AI score0.00761EPSS
Web
CVE
CVE
added 2024/03/04 12:0 a.m.62 views

CVE-2023-49547

CVE-2023-49547 concerns a SQL injection in Customer Support System v1. The vulnerability exists in the login path: /customer_support/ajax.php?action=login, via the username parameter, enabling potentially unauthorized data access. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with a...

9.8CVSS8.1AI score0.0115EPSS
Web
CVE
CVE
added 2024/03/04 12:0 a.m.60 views

CVE-2023-49546

CVE-2023-49546 affects Customer Support System v1 . The vulnerability is a SQL injection in the email parameter of /customer_support/ajax.php, caused by lack of input validation. The CVSS v3.1 score is 8.8 (High) with network attack vector, low attack complexity, and no user interaction required;...

8.8CVSS8.1AI score0.00761EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.60 views

CVE-2023-49976

Summary: CVE-2023-49976 is an XSS vulnerability in Customer Support System v1. The flaw allows arbitrary web scripts/HTML to be executed via a crafted payload in the subject parameter on the /customer_support/index.php?page=new_ticket page. Primary affected component: the subject field used durin...

5.4CVSS5.7AI score0.00466EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.59 views

CVE-2023-49971

CVE-2023-49971 describes a cross-site scripting (XSS) vulnerability in the Customer Support System v1, exploitable via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. Multiple connected sources (NVD, Red Hat, CNVD, CVE List, CNVD CNVD, PR...

6.1CVSS5.7AI score0.00433EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.58 views

CVE-2023-49974

CVE-2023-49974 concerns a cross-site scripting (XSS) vulnerability in the proprietary product Customer Support System v1 . The issue arises from insufficient input filtering/escaping, enabling an attacker to inject arbitrary web scripts or HTML via the crafted payload placed in the contact parame...

6.1CVSS5.7AI score0.0045EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.57 views

CVE-2023-49977

CVE-2023-49977 is an XSS vulnerability in Customer Support System v1. A crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer can cause arbitrary web scripts/HTML to execute due to insufficient input filtering/escaping. The affected software is the C...

5.4CVSS5.7AI score0.0045EPSS
Web
CVE
CVE
added 2024/03/04 12:0 a.m.53 views

CVE-2023-49969

Vulnerability summary : Customer Support System v1 suffers from a SQL injection in the id parameter of /customer_support/index.php?page=edit_customer. The root cause is a lack of validation of the id parameter, allowing crafted input to alter SQL statements and potentially access data. Impact and...

4.3CVSS8.1AI score0.00519EPSS
Web
CVE
CVE
added 2024/03/06 12:0 a.m.53 views

CVE-2023-49973

CVE-2023-49973 is a documented cross-site scripting (XSS) vulnerability in the open-source-like Customer Support System v1 . The issue stems from insufficient input validation/escaping in the parameter email used at the endpoint /customer_support/index.php?page=customer_list, allowing attackers t...

6.1CVSS5.7AI score0.0045EPSS
Web
CVE
CVE
added 2024/03/04 12:0 a.m.52 views

CVE-2023-49970

Affected software: Customer Support System v1. The vulnerability is a SQL injection in the subject parameter of /customer_support/ajax.php?action=save_ticket. Root cause: lack of validation of externally-entered SQL statements via the subject parameter. Impact: high confidentiality, integrity, an...

9.8CVSS8.1AI score0.00818EPSS
Web
CVE
CVE
added 2024/03/07 12:0 a.m.52 views

CVE-2023-51281

CVE-2023-51281 affects the Customer Support System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows a remote attacker to escalate privileges via crafted inputs for fields such as firstname, lastname, middlename, contact, and address. Affected component details and exact ro...

5.4CVSS6.6AI score0.00478EPSS
CVE
CVE
added 2024/03/06 12:0 a.m.45 views

CVE-2023-49978

CVE-2023-49978 concerns an improper access control in the Customer Support System v1, where non-administrator users can access administrative pages and perform actions reserved for admins. Documents confirm the affected software and root cause as insufficient access restrictions on admin interfac...

8.8CVSS7AI score0.00835EPSS
CVE
CVE
added 2023/12/29 12:0 a.m.43 views

CVE-2023-50070

CVE-2023-50070 affects Sourcecodester Customer Support System 1.0. It reports multiple SQL injection vulnerabilities in the endpoint /customer_support/ajax.php?action=save_ticket, exploitable via the parameters department_id , customer_id , and subject . The consolidated sources describe the vuln...

8.8CVSS9.2AI score0.00786EPSS
Web
CVE
CVE
added 2025/06/16 8:30 a.m.30 views

CVE-2025-40729

CVE-2025-40729 affects Customer Support System v1.0; a reflected XSS in /customer_support/index.php via the page parameter enables remote attackers to run arbitrary code. Public sources (NVD/Red Hat/CVE lists) confirm the vulnerability and its impact as described; exploitation details, affected v...

6.1CVSS6.4AI score0.00324EPSS
Web
CVE
CVE
added 2025/06/16 8:29 a.m.25 views

CVE-2025-40728

CVE-2025-40728 affects Customer Support System v1.0. SQL injection via the id parameter in /customer_support/manage_user.php enables an authenticated attacker to retrieve, create, update, and delete databases. The advisories describe high impact (confidentiality/integrity/availability) with low a...

8.8CVSS7.3AI score0.00429EPSS
Web
CVE
CVE
added 2026/02/18 12:0 a.m.19 views

CVE-2025-70141

The CVE-2025-70141 issue affects SourceCodester Customer Support System 1.0, where ajax.php’s dispatcher is missing authentication/authorization before invoking administrative methods in admin_class.php based on the action parameter. This allows an unauthenticated remote attacker to perform sensi...

9.4CVSS5.6AI score0.00546EPSS