CVE-2023-50070

Name of the Vulnerable Software and Affected Versions Sourcecodester Customer Support System version 1.0

Description The issue concerns multiple SQL injection vulnerabilities in the /customer support/ajax.php?action=save ticket endpoint via department id, customer id, and subject. This allows for potential exploitation.

Recommendations For version 1.0, consider disabling the /customer support/ajax.php?action=save ticket endpoint until a patch is available. Restrict access to the department id, customer id, and subject parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.