oretnom23 customer support system

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-70141
all versions
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher doe
9.4 CRITICAL
CVE-2025-40729
all versions
Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers
6.1 MEDIUM
CVE-2025-40728
all versions
SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, crea
8.8 HIGH
CVE-2023-49978
all versions
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute a
8.8 HIGH
CVE-2023-51281
all versions
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted
5.4 MEDIUM
CVE-2023-49977
all versions
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML
5.4 MEDIUM
CVE-2023-49976
all versions
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML
5.4 MEDIUM
CVE-2023-49974
all versions
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML
6.1 MEDIUM
CVE-2023-49973
all versions
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML
6.1 MEDIUM
CVE-2023-49971
all versions
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML
6.1 MEDIUM
CVE-2023-49970
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/
9.8 CRITICAL
CVE-2023-49969
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index
4.3 MEDIUM
CVE-2023-49968
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manag
7.3 HIGH
CVE-2023-49548
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support
8.8 HIGH
CVE-2023-49547
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support
9.8 CRITICAL
CVE-2023-49546
all versions
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/aj
8.8 HIGH
CVE-2023-49545
all versions
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within th
7.5 HIGH
CVE-2023-49544
all versions
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized ac
4.9 MEDIUM
CVE-2023-50071
all versions
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_de
8.8 HIGH
CVE-2023-50070
all versions
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ti
8.8 HIGH