CVE-2017-14704

HIGH

Claydip Laravel Airbnb Clone 1.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14704. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: The exploit demonstrates an arbitrary file upload vulnerability in Claydip Laravel Airbnb Clone 1.0. The vulnerable endpoints allow uploading files with arbitrary extensions, including PHP, leading to potential remote code execution (RCE).

Description

Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/42773


Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Claydip Laravel Airbnb Clone 1.0
Auth required
Prerequisites: Access to the vulnerable endpoints · Valid user session
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/42773/

Scores

CVSS v3 8.8
EPSS 0.0848
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
claydip/airbnb_clone 1.0
Published Sep 26, 2017
Tracked Since Feb 18, 2026