Oretnom23 Customer Support System
By the Year
In 2026 there have been 0 vulnerabilities in Oretnom23 Customer Support System. Customer Support System did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 15 | 7.00 |
| 2023 | 1 | 8.80 |
It may take a day or so for new Customer Support System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Oretnom23 Customer Support System Security Vulnerabilities
CVE-2023-49978: ACL Bypass in Customer Support System v1 admin pages
CVE-2023-49978
8.8 - High
- March 21, 2024
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
Customer Support System 1.0 XSS in form fields
CVE-2023-51281
- March 07, 2024
Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the firstname, lastname, middlename, contact and address parameters.
XSS via email param in Customer Support System v1
CVE-2023-49973
6.1 - Medium
- March 06, 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
XSS
Customer Support System v1 XSS via firstname param in customer_list page
CVE-2023-49971
6.1 - Medium
- March 06, 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
XSS
CVE-2023-49977: XSS in Customer Support System v1 via crafted address param
CVE-2023-49977
- March 06, 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer.
XSS in Customer Support System v1 via subject param
CVE-2023-49976
- March 06, 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket.
Customer Support System v1 XSS via contact param on /index.php?page=customer_list
CVE-2023-49974
- March 06, 2024
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list.
SQL Injection in Customer Support System: subject param via /ajax.php
CVE-2023-49970
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket.
SQLi in Customer Support System v1 via id param
CVE-2023-49969
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.
CVE-2023-49968: SQLi in Customer Support System v1 manage_department.php
CVE-2023-49968
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php.
CVE-2023-49548: SQLi in Customer Support System via lastname param
CVE-2023-49548
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.
SQLi via username in customer_support/ajax.php of Customer Support System v1
CVE-2023-49547
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
CVE-2023-49546: SQLi via email in Customer Support System v1 ajax.php
CVE-2023-49546
- March 05, 2024
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
Directory Listing in Customer Support System v1 (CVE-2023-49545)
CVE-2023-49545
- March 01, 2024
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
LFI in Customer Support System v1 via page param
CVE-2023-49544
- March 01, 2024
A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customer_support/index.php.
SQLi in Sourcecodester Customer Support 1.0 (ajax.php)
CVE-2023-50070
8.8 - High
- December 29, 2023
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.
SQL Injection