Customer Support System
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49547 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 5, 2024 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. |
| CVE-2023-50071 | | Hig | 0.58 | 8.8 | 0.14 | | Dec 29, 2023 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. |
| CVE-2023-49978 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 21, 2024 | Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. |
| CVE-2023-49548 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 5, 2024 | Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. |
| CVE-2023-50070 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 29, 2023 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. |
| CVE-2023-49545 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 1, 2024 | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-51281 | | Med | 0.35 | 5.4 | 0.00 | | Mar 7, 2024 | Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. |
| CVE-2023-49544 | | Med | 0.32 | 4.9 | 0.01 | | Mar 1, 2024 | A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php. |
| CVE-2025-70141 | | | 0.00 | — | 0.01 | | Feb 18, 2026 | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An… |