Search
Find a vulnerability
Search criteria
2 vulnerabilities found for deltasql by deltasql_project
CVE-2018-25412 (GCVE-0-2018-25412)
Vulnerability from nvd – Published: 2026-05-30 14:55 – Updated: 2026-06-02 02:00
VLAI
EPSS
VEX
Title
Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Summary
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45685 | exploit |
| http://deltasql.sourceforge.net/ | product |
| https://sourceforge.net/projects/deltasql/files/l… | product |
| http://deltasql.sourceforge.net/deltasql/ | product |
| https://www.vulncheck.com/advisories/delta-sql-ar… | third-party-advisory |
Date Public
2018-10-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T02:00:45.460759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T02:00:58.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Delta Sql",
"vendor": "Deltasql",
"versions": [
{
"status": "affected",
"version": "1.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:18.571Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45685",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45685"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://deltasql.sourceforge.net/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/deltasql/files/latest/download"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://deltasql.sourceforge.net/deltasql/"
},
{
"name": "VulnCheck Advisory: Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php"
}
],
"title": "Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25412",
"datePublished": "2026-05-30T14:55:18.571Z",
"dateReserved": "2026-05-30T12:32:05.035Z",
"dateUpdated": "2026-06-02T02:00:58.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25412 (GCVE-0-2018-25412)
Vulnerability from cvelistv5 – Published: 2026-05-30 14:55 – Updated: 2026-06-02 02:00
VLAI
EPSS
VEX
Title
Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
Summary
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45685 | exploit |
| http://deltasql.sourceforge.net/ | product |
| https://sourceforge.net/projects/deltasql/files/l… | product |
| http://deltasql.sourceforge.net/deltasql/ | product |
| https://www.vulncheck.com/advisories/delta-sql-ar… | third-party-advisory |
Date Public
2018-10-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T02:00:45.460759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T02:00:58.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Delta Sql",
"vendor": "Deltasql",
"versions": [
{
"status": "affected",
"version": "1.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:18.571Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45685",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45685"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://deltasql.sourceforge.net/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/deltasql/files/latest/download"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://deltasql.sourceforge.net/deltasql/"
},
{
"name": "VulnCheck Advisory: Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php"
}
],
"title": "Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25412",
"datePublished": "2026-05-30T14:55:18.571Z",
"dateReserved": "2026-05-30T12:32:05.035Z",
"dateUpdated": "2026-06-02T02:00:58.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}