VYPR

Customer Support System

by Sourcecodester

CVEs (9)

  • CVE-2023-49547 | Critical | Mar 5, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.

  • CVE-2023-50071 | High | Dec 29, 2023
    risk 0.58 | cvss 8.8 | epss 0.14

    Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.

  • CVE-2023-49978 | High | Mar 21, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

  • CVE-2023-49548 | High | Mar 5, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.

  • CVE-2023-50070 | High | Dec 29, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.

  • CVE-2023-49545 | High | Mar 1, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.

  • CVE-2023-51281 | Medium | Mar 7, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, lastname, middlename, contact and address parameters.

  • CVE-2023-49544 | Medium | Mar 1, 2024
    risk 0.32 | cvss 4.9 | epss 0.01

    A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php.

  • CVE-2025-70141 | Feb 18, 2026
    risk 0.00 | cvss | epss 0.01

    SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An…