This exploit demonstrates an arbitrary file upload vulnerability in Helpdezk 1.1.1, allowing an attacker to upload a malicious PHP file via a multipart/form-data POST request to the manageattachments endpoint, leading to remote code execution.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Helpdezk 1.1.1
No auth needed
Prerequisites:Access to the target web application · Ability to send HTTP requests to the vulnerable endpoint