CVE-2023-50071

HIGH

Customer Support System - SQL Injection

Title source: rule

Description

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.

Exploits (2)

exploitdb WORKING POC

by Geraldo Alcantara · textwebappsphp

https://www.exploit-db.com/exploits/51862

View Code ZIP pw:eip

nomisec WRITEUP 3 stars

by geraldoalcantara · poc

https://github.com/geraldoalcantara/CVE-2023-50071

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/geraldoalcantara/CVE-2023-50071

[Exploit, Third Party Advisory] https://medium.com/%40geraldoalcantarapro/cve-2023-50071-a20767cb3c7b

Scores

CVSS v3 8.8

EPSS 0.1107

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

customer_support_system_project/customer_support_system 1.0

Published Dec 29, 2023

Tracked Since Feb 18, 2026