cbcvebase.

Idevspot Isupport vulnerabilities

6 known vulnerabilities affecting idevspot/isupport.

Total CVEs
6
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2007-6539P3MEDIUMCVSS 6.8PoCv1.82007-12-27
CVE-2007-6539 [MEDIUM] CWE-94 CVE-2007-6539: PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
nvd
CVE-2009-4434P4MEDIUMCVSS 5.0PoC≤ 1.8v1.02+1 more2009-12-28
CVE-2009-4434 [MEDIUM] CWE-22 CVE-2009-4434: Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote at Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter.
nvd
CVE-2012-5326P4MEDIUMCVSS 6.8PoCv1.0v1.02+2 more2012-10-08
CVE-2012-5326 [MEDIUM] CWE-352 CVE-2012-5326: Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allow Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action.
nvd
CVE-2009-4433P4MEDIUMCVSS 4.3PoC≤ 1.8v1.02+1 more2009-12-28
CVE-2009-4433 [MEDIUM] CWE-79 CVE-2009-4433: Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remot Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php,
nvd
CVE-2006-4884P4MEDIUMCVSS 4.3PoCv1.82006-09-19
CVE-2006-4884 [MEDIUM] CVE-2006-4884: Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the deta
nvd
CVE-2005-4616P4HIGHCVSS 7.5v1.062005-12-31
CVE-2005-4616 [HIGH] CVE-2005-4616: SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitra SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter.
nvd
Idevspot Isupport vulnerabilities | cvebase