CVE-2018-25412NVD

Vulnerability Summary

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Severity Level

CRITICAL(9.8)

Published Date

May 30, 2026

Last Modified

Jun 2, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.exploit-db.com/exploits/45685
http://deltasql.sourceforge.net/
https://sourceforge.net/projects/deltasql/files/latest/download
http://deltasql.sourceforge.net/deltasql/
https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php