CVE-2023-49544 — MEDIUM (4.9)

Vulnerability Description

A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oretnom23	Customer Support System	1.0

Related Weaknesses (CWE)

CWE-89

References

https://github.com/geraldoalcantara/CVE-2023-49544ExploitThird Party Advisory
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_STechnical Description
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqliProduct
https://github.com/geraldoalcantara/CVE-2023-49544ExploitThird Party Advisory
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_STechnical Description
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqliProduct

FAQ

What is CVE-2023-49544?

CVE-2023-49544 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index...

How severe is CVE-2023-49544?

CVE-2023-49544 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-49544?

Check the references section above for vendor advisories and patch information. Affected products include: Oretnom23 Customer Support System.