CVE-2017-14838
Published 2017-09-28

CVE-2017-14838: TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
Priority P262 · high · 8.8 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.52% (87.8th percentile)
Detection & IOCs (extracted from sources)
- Monitor for file uploads to the 'uploads/' directory via the profileChange endpoint (POST to profile path) where the uploaded file extension is not restricted to image types: arbitrary files, including PHP webshells, can be uploaded.
- Monitor for file uploads to the 'uploads/' directory via the coverChange endpoint: the same unrestricted file move logic applies, allowing arbitrary file upload by authenticated Job Seeker or Employer users.
- Detect HTTP requests to /uploads/[FILE] shortly after a POST to /profile/[UserName] or a cover change endpoint, especially for non-image MIME types or executable extensions (e.g., .php, .phtml).
- The vulnerable functions are profileChange and coverChange; alert on POST requests targeting these controller actions with multipart file uploads containing non-image content.
- No version number is specified for the vulnerable software; all known deployments of Job Links (Complete Job Management Script) by TeamWork should be treated as potentially vulnerable.
- Exploitation requires an authenticated session as either a Job Seeker or Employer role; unauthenticated exploitation is not indicated by the source material.
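The correlation in the third item (a POST to /profile/[UserName] followed shortly by a request for an executable file under /uploads/) can be run over web server access logs. The following is an added example, not code from the source material or from TeamWork. It assumes combined-format access logs, correlation by client IP, a five-minute window, and an extension list that extends the page's .php/.phtml examples; the cover change endpoint's path is not given on the page, so only the profile path is matched.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Sep/2017:10:00:01 +0000] "POST /profile/alice HTTP/1.1" 200 512
203.0.113.7 - - [28/Sep/2017:10:00:09 +0000] "GET /uploads/avatar.phtml HTTP/1.1" 200 17
198.51.100.4 - - [28/Sep/2017:10:01:00 +0000] "POST /profile/bob HTTP/1.1" 200 498
198.51.100.4 - - [28/Sep/2017:10:01:03 +0000] "GET /uploads/bob.jpg HTTP/1.1" 200 20480
192.0.2.9 - - [28/Sep/2017:10:05:00 +0000] "GET /uploads/old.php HTTP/1.1" 404 0
203.0.113.7 - - [28/Sep/2017:11:30:00 +0000] "GET /uploads/avatar.phtml?c=1 HTTP/1.1" 200 40
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Upload path as given on the page; add the cover change path for your deployment.
UPLOAD_POST = re.compile(r"^/profile/[^/?]+")
# Assumed extension list (the page names .php and .phtml as examples).
EXEC_FETCH = re.compile(r"^/uploads/[^?]*\.(php\d?|phtml|phar)(\?|$)", re.I)

def find_suspicious(log_text, window=timedelta(minutes=5)):
    """Return (client, upload_path, fetched_path, seconds_apart) tuples."""
    last_post = {}  # client IP -> (time, path) of its most recent upload POST
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and UPLOAD_POST.match(path):
            last_post[ip] = (when, path)
        elif EXEC_FETCH.match(path) and status != "404" and ip in last_post:
            posted_at, post_path = last_post[ip]
            gap = when - posted_at
            if timedelta(0) <= gap <= window:
                hits.append((ip, post_path, path, int(gap.total_seconds())))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT", hit)
```

Requests that fall outside the window, such as the last sample line, are not flagged by this correlation; a separate rule on any non-404 response for an executable extension under /uploads/ covers later access.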
CVSS provenance
- nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P