CVE-2017-14840

HIGH

TeamWork TicketPlus - Code Injection

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14840. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in TicketPlus Support Ticket Management System. The vulnerability exists in the profile update functionality, allowing authenticated users to upload malicious files without proper validation.

Description

TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/42796

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: TicketPlus Support Ticket Management System
Auth required
Prerequisites: Authenticated user access · Access to the profile settings page
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42796/

Scores

CVSS v3 8.8
EPSS 0.0352
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
teamworktec/ticketplus
Published Sep 28, 2017
Tracked Since Feb 18, 2026