SQL Injection Vulnerability Discovered in Customer Support System v1
CVE-2023-49546

Currently unrated

Key Information:

Vendor: Customer Support System
Status: Customer Support System
Vendor: CVE Published:; 5 March 2024

🔔 Create Customer Support System Vulnerability Alert

What is CVE-2023-49546?

A SQL injection vulnerability exists in the Customer Support System version 1, which can be exploited through the email parameter located at /customer_support/ajax.php. This flaw allows an attacker to craft malicious input that can manipulate SQL queries executed by the application, potentially leading to unauthorized access to sensitive data, data alteration, or even complete database compromise. It's crucial for users of this system to implement secure coding practices and validation measures to mitigate risks associated with such vulnerabilities.

References

https://www.sourcecodester.com/php/14587/customer-support...

https://github.com/geraldoalcantara/CVE-2023-49546

Timeline

Vulnerability published
Mar 5, 2024

JSON