Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls.
Metrics
Affected Vendors & Products
References
History
Thu, 16 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls. | |
| Title | Perfect Support Ticketing System 1.7 Broken Access Control via Agent Assignment | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-16T16:15:50.464Z
Reserved: 2026-07-15T15:45:44.600Z
Link: CVE-2026-63082
Updated: 2026-07-16T16:15:45.672Z
No data.
No data.
OpenCVE Enrichment
No data.