CVE-2019-25480

HIGH

ARMBot - Unauthenticated Arbitrary File Upload and Remote Code Execution via upload.php Path Traversal

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25480. PoCs published by prsecurity.

AI-analyzed exploit summary: This exploit leverages a path traversal vulnerability in ARMBot's upload.php to write a PHP shell to an arbitrary location. The payload is a base64-encoded PHP snippet that executes arbitrary code, demonstrating remote code execution (RCE).

Description

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. By uploading a PHP file with a traversal payload (../public_html/), an attacker can write executable code to the web root and achieve remote code execution.

Exploits (1)

exploitdb WORKING POC
by prsecurity · python · remote · multiple
https://www.exploit-db.com/exploits/47209

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ARMBot (version not specified)
No auth needed
Prerequisites: Access to the upload.php endpoint · Ability to send HTTP POST requests
devstral-2 · analyzed Mar 12, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47209

Scores

CVSS v3 7.5
EPSS 0.0072
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (1)
ARMBot/ARMBot
Published Mar 11, 2026
Tracked Since Mar 12, 2026