CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49969
https://notcve.org/view.php?id=CVE-2023-49969
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. Se descubrió que Customer Support System v1 contiene una vulnerabilidad de inyección SQL a través del parámetro id en /customer_support/index.php?page=edit_customer. • https://github.com/geraldoalcantara/CVE-2023-49969 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49970
https://notcve.org/view.php?id=CVE-2023-49970
04 Mar 2024 — Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. Se descubrió que Customer Support System v1 contenía una vulnerabilidad de inyección SQL a través del parámetro de asunto en /customer_support/ajax.php?action=save_ticket. • https://github.com/geraldoalcantara/CVE-2023-49970 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49544
https://notcve.org/view.php?id=CVE-2023-49544
01 Mar 2024 — A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php. • https://github.com/geraldoalcantara/CVE-2023-49544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49545
https://notcve.org/view.php?id=CVE-2023-49545
01 Mar 2024 — A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. • https://github.com/geraldoalcantara/CVE-2023-49545 • CWE-284: Improper Access Control •