CVE-2019-25480

HIGH

ARMBot - Unrestricted File Upload

Title source: llm

Description

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution.

Exploits (1)

exploitdb WORKING POC

by prsecurity · pythonremotemultiple

https://www.exploit-db.com/exploits/47209

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47209

[Third Party Advisory] https://www.vulncheck.com/advisories/armbot-unrestricted-file-upload-via-upload-php

Scores

CVSS v3 7.5

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

ARMBot/ARMBot

Published Mar 11, 2026

Tracked Since Mar 12, 2026