Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13558 | 1 Codeastro | 1 Complaint Management System | 2026-06-29 | 3.5 Low |
| A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-13549 | 1 Codeastro | 1 Complaint Management System | 2026-06-29 | 5.4 Medium |
| A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2024-56889 | 1 Codeastro | 1 Complaint Management System | 2025-04-18 | 7.5 High |
| Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter. | ||||
| CVE-2024-55505 | 1 Codeastro | 1 Complaint Management System | 2025-04-17 | 8.8 High |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | ||||
| CVE-2024-55506 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | 8.8 High |
| An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | ||||
| CVE-2024-55509 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | 9.8 Critical |
| SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. | ||||
| CVE-2024-55507 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | 9.8 Critical |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. | ||||
Page 1 of 1.