CVE-2015-9263

CRITICAL

Idera Up.Time Monitoring Station 7.5.0/7.4.0 - Unrestricted File Upload via post2file.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-9263. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates arbitrary command execution in up.time 7.5.0 by leveraging privilege escalation, CSRF, and file manipulation to execute system commands with SYSTEM privileges. It chains multiple forms to log in, escalate privileges, and create a monitor that renames a file to a PHP shell.

Description

An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/37888

View Code ZIP pw:eip

This exploit demonstrates arbitrary command execution in up.time 7.5.0 by leveraging privilege escalation, CSRF, and file manipulation to execute system commands with SYSTEM privileges. It chains multiple forms to log in, escalate privileges, and create a monitor that renames a file to a PHP shell.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: up.time 7.5.0 (build 16) and 7.4.0 (build 13)

Auth required

Prerequisites: Valid credentials for initial login · Network access to the target application

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37888/

Third Party Advisory x_refsource_misc

https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2

Scores

CVSS v3 9.8

EPSS 0.6338

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

idera/uptime_infrastructure_monitor 7.4.0

idera/uptime_infrastructure_monitor 7.5.0

Published Aug 27, 2018

Tracked Since Feb 18, 2026