CVE-2017-14839
published 2017-09-28CVE-2017-14839: TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
PriorityP262high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
3.52%
87.8th percentile
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
Detection & IOCsextracted from sources · hover to see the quote
- →Arbitrary file upload via the changeAvatar endpoint — no file type validation is performed; any file extension is accepted and stored using the client-supplied original filename. ↗
- →Arbitrary file upload via the changeCover endpoint — same lack of validation; uploaded file is moved to the 'uploads' directory under its original client-supplied name. ↗
- →Uploaded malicious files are publicly accessible under the /uploads/ directory; monitor web server logs for POST requests to changeAvatar or changeCover followed by GET requests to /uploads/ for non-image file extensions (e.g., .php, .phtml, .asp). ↗
- →Vulnerability is exploitable by any authenticated user; monitor for authenticated POST requests uploading non-image MIME types or dangerous file extensions to the changeAvatar and changeCover functions. ↗
- ·The exploit does not specify a fixed version number; all known releases of Photo Fusion (Free Stock Photos Script) by TeamWork Tec are considered affected. ↗
- ·Authentication is required to trigger the vulnerability — the upload endpoints check Auth::user() before proceeding, so unauthenticated exploitation is not possible. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-09-28
Published