CVE-2017-14146

Name of the Vulnerable Software and Affected Versions HelpDEZk version 1.1.1

Description The issue allows remote authenticated users to execute arbitrary PHP code. This can be achieved by uploading a .php attachment and then requesting it in the "helpdezkappuploadshelpdezkattachments" directory.

Recommendations For HelpDEZk version 1.1.1, consider restricting access to the "helpdezkappuploadshelpdezkattachments" directory to prevent exploitation. Additionally, disabling the ability to upload .php attachments can serve as a temporary workaround until a patch is available.