Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
ARMBot: Unauthenticated File Upload Allows Remote Code Execution
CVE-2019-25480
Summary
An attacker can upload malicious files to the ARMBot server without a password, potentially allowing them to take control of the server. This could happen if an attacker uploads a PHP file that can run on the server. To protect your server, update ARMBot to fix this issue or restrict file uploads to trusted users.
Original title
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequen...
Original description
ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026