Oretnom23 Customer Support System — known CVE vulnerabilities
Every CVE whose affected-product data names Oretnom23 Customer Support System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-49547 — CVSS 9.8 (critical): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?…
CVE-2023-49970 — CVSS 9.8 (critical): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?a…
CVE-2025-70141 — CVSS 9.4 (critical): SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not…
CVE-2023-49548 — CVSS 8.8 (high): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?…
CVE-2023-49546 — CVSS 8.8 (high): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
CVE-2023-50070 — CVSS 8.8 (high): Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via…
CVE-2023-49978 — CVSS 8.8 (high): Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions…
CVE-2025-40728 — CVSS 8.8 (high): SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create…
CVE-2023-49545 — CVSS 7.5 (high): A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the…
CVE-2023-49968 — CVSS 7.3 (high): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_departme…
CVE-2023-49973 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2023-49971 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2023-49974 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2025-40729 — CVSS 6.1 (medium): Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to…
CVE-2023-49976 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2023-51281 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script…
CVE-2023-49977 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2023-49544 — CVSS 4.9 (medium): A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via…
CVE-2023-49969 — CVSS 4.3 (medium): Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=…