CVE-2025-70141 - Customer Support System 1.0: Unauthenticated Broken Access Control via ajax.php

Unauthenticated remote attacker can create/delete users including admin, manipulate tickets and departments via unprotected ajax.php dispatcher in Customer Support System.