CVE-2018-25412

Exploit

EPSS 0.77%
Veröffentlicht 30.05.2026 14:55:18
Zuletzt bearbeitet 03.06.2026 19:26:58
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Deltasql Project ≫ Deltasql Version1.8.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.77%	0.508

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.exploit-db.com/exploits/45685

Third Party Advisory

Exploit

http://deltasql.sourceforge.net/

Product

https://sourceforge.net/projects/deltasql/files/latest/download

Product

http://deltasql.sourceforge.net/deltasql/

Product

https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-25412