Vulnerability Description
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Helpdezk | Helpdezk | <= 1.0.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-UplExploitThird Party AdvisoryVDB Entry
- https://www.htbridge.com/advisory/HTB23239ExploitThird Party Advisory
- http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-UplExploitThird Party AdvisoryVDB Entry
- https://www.htbridge.com/advisory/HTB23239ExploitThird Party Advisory
FAQ
What is CVE-2014-8337?
CVE-2014-8337 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an ex...
How severe is CVE-2014-8337?
CVE-2014-8337 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-8337?
Check the references section above for vendor advisories and patch information. Affected products include: Helpdezk Helpdezk.