Oretnom23

Customer Support System

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.4

CVE-2025-70141

Exploit
  • EPSS 0.38%
  • Veröffentlicht 18.02.2026 00:00:00
  • Zuletzt bearbeitet 23.02.2026 15:44:06

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the act...

6.1

CVE-2025-40729

  • EPSS 0.09%
  • Veröffentlicht 16.06.2025 08:30:21
  • Zuletzt bearbeitet 09.10.2025 16:44:08

Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

8.8

CVE-2025-40728

  • EPSS 0.05%
  • Veröffentlicht 16.06.2025 08:29:07
  • Zuletzt bearbeitet 09.10.2025 16:41:05

SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.

8.8

CVE-2023-49978

Exploit
  • EPSS 0.39%
  • Veröffentlicht 21.03.2024 02:49:38
  • Zuletzt bearbeitet 05.03.2025 18:24:35

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.

5.4

CVE-2023-51281

Exploit
  • EPSS 0.23%
  • Veröffentlicht 07.03.2024 01:15:52
  • Zuletzt bearbeitet 28.03.2025 14:35:27

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters.

6.1

CVE-2023-49971

Exploit
  • EPSS 0.23%
  • Veröffentlicht 06.03.2024 01:15:07
  • Zuletzt bearbeitet 15.01.2025 16:38:44

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.

5.4

CVE-2023-49977

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.03.2024 01:15:07
  • Zuletzt bearbeitet 28.03.2025 14:35:38

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.

5.4

CVE-2023-49976

Exploit
  • EPSS 0.2%
  • Veröffentlicht 06.03.2024 01:15:07
  • Zuletzt bearbeitet 28.03.2025 14:35:34

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.

6.1

CVE-2023-49974

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.03.2024 01:15:07
  • Zuletzt bearbeitet 28.03.2025 14:35:30

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.

6.1

CVE-2023-49973

Exploit
  • EPSS 0.31%
  • Veröffentlicht 06.03.2024 01:15:07
  • Zuletzt bearbeitet 15.01.2025 16:38:19

A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.