Advisories

Perfect Support Ticketing System 1.7 Broken Access Control via Agent Assignment

Go Back
severity
medium
date
Affecting
  • Perfect Support Ticketing & Document Management System <= 1.7

  • An affected version range remains undefined

CWE
  • CWE-862 Missing Authorization
CVSS
5.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Credit
Aaron Amran Bin Amiruddin, Shahrul Nizam Bin Shahrin
Description
Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.