CVE-2023-50070: SQL Injection
First published: Fri Dec 29 2023(Updated: )
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for the SQL injection vulnerabilities in the Customer Support System?
The CVE ID for the SQL injection vulnerabilities in the Customer Support System is CVE-2023-50070.
What components of the Customer Support System are affected by CVE-2023-50070?
CVE-2023-50070 affects the /customer_support/ajax.php?action=save_ticket endpoint, specifically the department_id, customer_id, and subject parameters.
What kind of vulnerabilities does CVE-2023-50070 contain?
CVE-2023-50070 contains multiple SQL injection vulnerabilities.
How severe is the vulnerability identified as CVE-2023-50070?
The severity of CVE-2023-50070 is contingent upon the exploitability and environment, but it poses significant risks due to SQL injection.
How do I mitigate the vulnerabilities listed in CVE-2023-50070?
To mitigate CVE-2023-50070, it's essential to sanitize and validate inputs for the affected parameters to prevent SQL injection.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/event
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/source
- vendor/oretnom23
- canonical/oretnom23 customer support system
- version/oretnom23 customer support system/1.0