Back to overview

CVE-2026-63082

MEDIUM Exploitation: PoC
5.4
CVSS 3.1
Description
Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls.

Metadata

CVE ID
CVE-2026-63082
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-07-15 15:45 UTC
Published
2026-07-16 15:35 UTC
Last updated
2026-07-16 16:15 UTC
Primary CWE
CWE-862
Missing Authorization
Vendor / Product
Ultimate Fosters / Perfect Support Ticketing & Document Management System
Sources
cve.org  ·  NVD

Severity & Metrics

5.4 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Ultimate Fosters Perfect Support Ticketing & Document Management System 0 ≤ 1.7
Weakness (CWE)
CWESourceDescription
CWE-862 cna Missing Authorization
CVSS scores (2)
ScoreSeverityVersionSourceVector
5.4 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Back to overview