CVE-2017-7446

HIGH

HelpDEZk 1.1.1 - Cross-Site Request Forgery in Admin Person Management

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7446, a PoC published by rungga_reksya.

AI-analyzed exploit summary: the PoC demonstrates a CSRF vulnerability in HelpDEZk 1.1.1. A logged-in administrator who loads attacker-controlled content is made to submit the person-management form, which creates an attacker-controlled admin account; that account then uploads a PHP file through the logos module, which does not restrict upload types, giving remote code execution.

Description

HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
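The chain described on this page has two server-side gaps: the person-management form accepts a request the administrator never intended to send, and the logos module accepts whatever bytes arrive. The block below is an added example, not HelpDEZk's code and not the published PoC; the handler shapes, field names, `SITE_ORIGIN` and the `LOGO_MAGIC` allowlist are assumptions, and it is written in Python so it runs stand-alone. It shows the checks that break each link: a per-session synchronizer token with an Origin/Referer check for the create-person request, and an extension plus magic-byte allowlist for logo uploads, exercised against constructed forged and legitimate requests.

```python
"""CSRF token enforcement plus upload allowlisting, the two server-side
checks that break the chain described above. Added illustration, not
HelpDEZk code: handler shape, field names and origin are assumptions."""
import hmac
import os
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://helpdesk.example"  # assumed origin of the deployment

# Assumed allowlist for the logos module: extension -> accepted magic bytes.
LOGO_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def issue_csrf_token(session: dict) -> str:
    """Mint a per-session synchronizer token and keep the copy server-side."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_check(session: dict, headers: dict, form: dict) -> tuple[bool, str]:
    """Reject a state-changing request unless it carries the session's token.
    Origin/Referer is checked first when present; a cross-site page cannot
    read the token out of the victim's session, so the token is the backstop."""
    source = headers.get("Origin") or headers.get("Referer")
    if source:
        p = urlparse(source)
        if f"{p.scheme}://{p.netloc}" != SITE_ORIGIN:
            return False, "cross-origin request"
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    # Constant-time compare on bytes so a non-ASCII value cannot raise.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"


def create_person(session: dict, headers: dict, form: dict, users: dict) -> tuple[int, str]:
    """Admin 'add person' handler (assumed shape). Nothing is written before
    both the CSRF check and the privilege check pass."""
    ok, why = csrf_check(session, headers, form)
    if not ok:
        return 403, why
    if not session.get("is_admin"):
        return 403, "admin only"
    users[form["login"]] = {"admin": form.get("admin") == "1"}
    return 201, "created"


def validate_logo_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Allowlist by extension and verify the bytes match it. The client's
    Content-Type header is deliberately ignored: the attacker sets it."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in LOGO_MAGIC:
        return False, "extension not allowed"
    if not any(content.startswith(m) for m in LOGO_MAGIC[ext]):
        return False, "content does not match extension"
    # Store under a server-chosen name so the client never picks the path.
    return True, f"stored as {secrets.token_hex(8)}{ext}"


def run_demo() -> dict:
    """Constructed requests (not captured traffic) exercising both checks."""
    users: dict = {}
    session = {"is_admin": True}  # a logged-in administrator
    token = issue_csrf_token(session)
    # Forged: the victim's browser is driven from an attacker page, so the
    # session cookie is attached but the attacker cannot supply the token.
    forged = create_person(session, {"Origin": "https://attacker.example"},
                           {"login": "evil", "admin": "1"}, users)
    # Same forgery with Origin/Referer suppressed: the token check still fails.
    forged_quiet = create_person(session, {}, {"login": "evil", "admin": "1"}, users)
    # Legitimate submission from the application's own form.
    legit = create_person(session, {"Origin": SITE_ORIGIN},
                          {"login": "alice", "admin": "1", "csrf_token": token}, users)
    return {
        "forged": forged,
        "forged_quiet": forged_quiet,
        "legit": legit,
        "users": sorted(users),
        "php_by_name": validate_logo_upload("shell.php", b"<?php echo 1; ?>"),
        "php_as_png": validate_logo_upload("logo.png", b"<?php echo 1; ?>"),
        "real_png": validate_logo_upload("logo.png", LOGO_MAGIC[".png"][0] + b"\x00" * 8),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The Origin check alone is not sufficient because browsers may omit the header under some referrer policies, which is why the forged request with no Origin is still refused by the token comparison; the upload check keys on the file's own bytes rather than on the client-supplied content type for the same reason.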

Exploits (1)

exploitdb WORKING POC
by rungga_reksya · Exploit-DB category: webapps / PHP (text)
https://www.exploit-db.com/exploits/41824


Classification
Working PoC (95% confidence)
Attack type: RCE (the CSRF in CWE-352 is chained to an unrestricted file upload)
Complexity: Moderate
Reliability: Reliable
Target: HelpDEZk 1.1.1
Attacker authentication: none needed; the forged request is issued by the victim administrator's browser, which carries the session
Prerequisites: a HelpDEZk administrator with a live session must be induced to load attacker-controlled content that triggers the CSRF · network access to the target application from the victim's browser
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References (4)

Patch, Third Party Advisory
https://github.com/albandes/helpdezk/issues/2
Third Party Advisory, VDB Entry (SecurityFocus BID 97484)
http://www.securityfocus.com/bid/97484
Exploit, Third Party Advisory (Exploit-DB)
https://www.exploit-db.com/exploits/41824/
Exploit, Technical Description, Third Party Advisory
http://rungga.blogspot.co.id/2017/04/multiple-csrf-remote-code-execution.html

Scores

CVSS v3.0 base score 8.8 (High)
EPSS 0.0309 (3.09%)
EPSS percentile 86.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352 (Cross-Site Request Forgery)
Status published
Products (1)
helpdezk/helpdezk 1.1.1
Published Apr 05, 2017
Tracked Since Feb 18, 2026