Description

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

PUBLISHED Reserved 2026-05-30 | Published 2026-05-30 | Updated 2026-06-02 | Assigner VulnCheck




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

1.8.2: affected

Credits

Ihsan Sencan (finder)

References

www.exploit-db.com/exploits/45685 (ExploitDB-45685) [exploit]

deltasql.sourceforge.net/ (Official Product Homepage) [product]

sourceforge.net/projects/deltasql/files/latest/download (Product Reference) [product]

deltasql.sourceforge.net/deltasql/ (Product Reference) [product]

www.vulncheck.com/...bitrary-file-upload-via-docs-upload-php (VulnCheck Advisory: Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php) [third-party-advisory]

cve.org (CVE-2018-25412)

nvd.nist.gov (CVE-2018-25412)
