Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2018-25412: Delta Sql 1.8.2 allows malicious file uploads
CVE-2018-25412
Summary
An attacker can upload any type of file, including malicious PHP files, to Delta Sql's server. This could allow the attacker to execute their own code on the server, potentially leading to unauthorized access or data theft. To protect against this, update Delta Sql to a patched version or restrict file uploads to trusted users.
Original title
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart fo...
Original description
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026