CVE-2018-25412

CRITICAL

Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25412. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in Delta Sql 1.8.2, allowing an attacker to upload a malicious PHP file via a multipart/form-data POST request to docs_upload.php. The uploaded file can then be accessed at /upload/[FILE], leading to remote code execution.

Description

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · php
https://www.exploit-db.com/exploits/45685

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Delta Sql 1.8.2
Authentication: No auth needed
Prerequisites: Access to the target web application · Ability to send HTTP POST requests
devstral-2 · analyzed May 30, 2026

References (5)

Core References (5)
Exploit: ExploitDB-45685
https://www.exploit-db.com/exploits/45685
Product: Official Product Homepage
http://deltasql.sourceforge.net/
Product: Product Reference
http://deltasql.sourceforge.net/deltasql/
Third Party Advisory: VulnCheck Advisory: Delta Sql 1.8.2 Arbitrary File Upload via docs_upload.php
https://www.vulncheck.com/advisories/delta-sql-arbitrary-file-upload-via-docs-upload-php

Scores

CVSS v3 9.8
EPSS 0.0057
EPSS Percentile 42.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-306
Status published
Products (2)
Deltasql/Delta Sql 1.8.2
deltasql_project/deltasql 1.8.2
Published May 30, 2026
Tracked Since May 30, 2026