Access Control Flaw in Customer Support System by SourceCodester
CVE-2023-49978

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Customer Support System
Vendor: CVE Published:; 21 March 2024

Summary

A security gap in the Customer Support System version 1 allows users without administrative privileges to gain unauthorized access to admin-level pages. This flaw can enable these non-admin users to execute actions that should be reserved for administrators, posing significant risks to the integrity and confidentiality of sensitive data and functionalities within the system.

References

https://www.sourcecodester.com/php/14587/customer-support...

https://github.com/geraldoalcantara/CVE-2023-49978

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Dec 4, 2023