CVE-2026-63082 PUBLISHED

Perfect Support Ticketing System 1.7 Broken Access Control via Agent Assignment

Assigner: VulnCheck
Reserved: 15.07.2026 Published: 16.07.2026 Updated: 16.07.2026

Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 5.3

Product Status

Vendor Ultimate Fosters
Product Perfect Support Ticketing & Document Management System
Versions Default: affected
  • affected from 0 to 1.7 (incl.)

Credits

  • Aaron Amran Bin Amiruddin finder
  • Shahrul Nizam Bin Shahrin finder

References

Problem Types

  • Missing Authorization CWE