cbcvebase.
CVE-2017-14838
published 2017-09-28

CVE-2017-14838: TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.

PriorityP262high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
3.52%
87.8th percentile
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://localhost/[PATH]/profile/[UserName]
urlhttp://localhost/[PATH]/uploads/[FILE]
pathuploads/
  • Monitor for file uploads to the 'uploads/' directory via the profileChange endpoint (POST to profile path) where the uploaded file extension is not restricted to image types — arbitrary files including PHP webshells can be uploaded.
  • Monitor for file uploads to the 'uploads/' directory via the coverChange endpoint — same unrestricted file move logic applies, allowing arbitrary file upload by authenticated Job Seeker or Employer users.
  • Detect HTTP requests to /uploads/[FILE] shortly after a POST to /profile/[UserName] or a cover change endpoint, especially for non-image MIME types or executable extensions (e.g., .php, .phtml).
  • The vulnerable functions are profileChange and coverChange — alert on POST requests targeting these controller actions with multipart file uploads containing non-image content.
  • ·No version number is specified for the vulnerable software; all known deployments of Job Links (Complete Job Management Script) by TeamWork should be treated as potentially vulnerable.
  • ·Exploitation requires an authenticated session as either a Job Seeker or Employer role — unauthenticated exploitation is not indicated by the source material.

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.