GCVE - cpe:2.3:a:idevspot:isupport:1.06:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:idevspot:isupport:1.06:*:*:*:*:*:*:*

part: a version: 1.06 update: *

Vendor	Idevspot (`3748d798-9f9f-5bbb-8b68-cff0780e7ddc`)
Product	Isupport (`012e4570-8d8d-5182-8c6d-522e0b662902`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-5326`	vulnerable	2026-06-08 05:02:56.188077	Details available Cross-site request forgery (CSRF) vulnerability in admin/function.php in IDevSpot iSupport 1.x allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action. Published: 2012-10-08T20:00:00.000Z Updated: 2024-08-06T21:05:46.661Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/18404 https://exchange.xforce.ibmcloud.com/vulnerabilities/72611	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4434`	vulnerable	2026-06-08 04:51:48.527067	Details available Directory traversal vulnerability in index.php in IDevSpot iSupport 1.8 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter. Published: 2009-12-28T18:27:00.000Z Updated: 2024-08-07T07:01:20.381Z Open on db.gcve.eu Reference links http://packetstormsecurity.org/0912-exploits/isupport-lfixss.txt http://www.osvdb.org/61110 http://www.exploit-db.com/exploits/10478 http://secunia.com/advisories/37726	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4433`	vulnerable	2026-06-08 04:51:48.526601	Details available Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.php and index.php; (c) the which parameter to function.php, or (d) the which parameter to index.php, related to knowledgebase_list.php. NOTE: some of these details are obtained from third party information. Published: 2009-12-28T18:27:00.000Z Updated: 2024-08-07T07:01:20.239Z Open on db.gcve.eu Reference links http://www.osvdb.org/61112 https://exchange.xforce.ibmcloud.com/vulnerabilities/54859 http://packetstormsecurity.org/0912-exploits/isupport-lfixss.txt http://www.exploit-db.com/exploits/10478 http://www.securityfocus.com/bid/37380	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4616`	vulnerable	2026-06-08 04:48:44.435642	Details available SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter. Published: 2006-01-04T11:00:00.000Z Updated: 2024-08-07T23:53:28.487Z Open on db.gcve.eu Reference links http://www.osvdb.org/21317 http://pridels0.blogspot.com/2005/11/isupport-1x-includefile-sql-inj.html https://exchange.xforce.ibmcloud.com/vulnerabilities/24356	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.