CVE-2018-25412

EUVD-2018-21934
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Common Weakness Enumeration
References
http://deltasql.sourceforge.net/
http://deltasql.sourceforge.net/deltasql/
https://sourceforge.net/projects/deltasql/files/latest/download
https://www.exploit-db.com/exploits/45685
https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php