Arbitrary PHP Code Execution in HelpDEZk 1.1.1

Arbitrary PHP Code Execution in HelpDEZk 1.1.1

CVE-2017-14146 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.

Learn more about our User Device Pen Test.