CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49545
https://notcve.org/view.php?id=CVE-2023-49545
01 Mar 2024 — A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. • https://github.com/geraldoalcantara/CVE-2023-49545 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50070
https://notcve.org/view.php?id=CVE-2023-50070
29 Dec 2023 — Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. Sourcecodester Customer Support System 1.0 tiene múltiples vulnerabilidades de inyección SQL en /customer_support/ajax.php?action=save_ticket a través de department_id, customer_id y subject. • https://github.com/geraldoalcantara/CVE-2023-50070 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •