CVE-2018-25412

CRITICAL EPSS 51.0%

Published May 30, 20261mo ago · Modified Jun 17, 20261w ago

9.3 CVSS 4.0

Critical

Published May 30, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

CVSS Details

Base Score

9.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

51.0% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

Affected Products 1

Vendor	Product	Version	Range
deltasql_project	deltasql	1.8.2	any

References 5

deltasql.sourceforge.net http://deltasql.sourceforge.net/

Product
deltasql.sourceforge.net http://deltasql.sourceforge.net/deltasql/

Product
sourceforge.net https://sourceforge.net/projects/deltasql/files/latest/download

Product
exploit-db.com https://www.exploit-db.com/exploits/45685

ExploitThird Party Advisory
vulncheck.com https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.