CVE-2017-14146 (helpdezk)
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezkappuploadshelpdezkattachments directory.
Source: CVE-2017-14146 (helpdezk)