PatchSiren cyber security CVE debrief

CVE-2018-25412 Deltasql CVE debrief

Delta Sql (deltasql) 1.8.2 contains an arbitrary file upload vulnerability in docs_upload.php that lets unauthenticated remote attackers upload files via crafted multipart POST requests. The endpoint neither requires a login nor validates the type of the uploaded file, so a PHP file written into the web-accessible upload directory can then be requested and executed by the server, giving remote code execution. The CVSS 4.0 vector records network attack vector, low attack complexity, no privileges required, no user interaction, and high impact to confidentiality, integrity, and availability. The weakness is classified as CWE-306 (Missing Authentication for Critical Function); the unrestricted upload itself is the pattern CWE-434 (Unrestricted Upload of File with Dangerous Type) describes, so both controls need fixing. Vendor attribution is uncertain: the reference-domain candidate points to Exploit-DB, while the product belongs to the deltasql project on SourceForge. No exploitation in ransomware campaigns has been documented, and the CVE is not listed in CISA KEV.

Vendor
Deltasql
Product
Delta Sql
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-30
Original CVE updated
2026-05-30
Advisory published
2026-05-30
Advisory updated
2026-05-30

Who should care

Organizations running Delta Sql 1.8.2, the version named in the record (older releases have not been confirmed either way); security teams responsible for web application protection; incident response teams monitoring for exploitation of unauthenticated upload endpoints.

Technical summary

The docs_upload.php endpoint in Delta Sql 1.8.2 neither authenticates the requester nor validates the type of the uploaded file, so an attacker can submit multipart form data carrying a PHP file. Because the upload directory is served by the web server, the attacker then requests the stored file and the server executes it, yielding unauthenticated remote code execution with high impact to confidentiality, integrity, and availability.
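The checks the endpoint lacks, as an added example in Python (this is not deltasql's code, which is PHP, and the storage directory and function names are assumptions for illustration). It applies an extension allowlist to every dotted segment of the name, so names like shell.php.jpg are refused as well as shell.php; verifies that the content's leading bytes match the claimed type; refuses path separators, NUL bytes and dotfiles; and stores the file under a random server-chosen name in a directory outside the document root, where the web server cannot hand it to the PHP interpreter.

```python
import os
import secrets
from dataclasses import dataclass

# Assumed storage location for this example: outside the web root, so the
# server can serve it through a download script but never execute it.
UPLOAD_DIR = "/var/lib/deltasql/docs"

# Allowlist of types the docs upload may store (never a denylist).
ALLOWED_EXT = {"pdf", "txt", "png", "jpg", "jpeg"}

# Leading bytes each binary type must start with.
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

# Extensions a PHP-enabled web server may execute. Apache's AddHandler matches
# any extension in the name, so these are rejected in every segment.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the reason is safe to log."""


@dataclass
class StoredFile:
    original_name: str
    stored_path: str
    ext: str


def check_upload(filename: str, content: bytes, max_bytes: int = 10 * 1024 * 1024) -> str:
    """Validate an upload and return its normalised extension, else raise UploadRejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base != filename or "\x00" in base:
        raise UploadRejected("path separators or NUL in file name")
    if len(content) > max_bytes:
        raise UploadRejected("file too large")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:      # no extension, or a dotfile such as .htaccess
        raise UploadRejected("missing extension or dotfile")
    segments = parts[1:]
    if any(seg in SCRIPT_EXT for seg in segments):
        raise UploadRejected("server-side script extension in name")
    ext = segments[-1]
    if ext not in ALLOWED_EXT:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if ext == "txt":
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("txt content is not UTF-8 text")
        if b"<?" in content:                 # defence in depth: no PHP open tag in "text"
            raise UploadRejected("txt content contains a PHP open tag")
    elif not any(content.startswith(magic) for magic in MAGIC[ext]):
        raise UploadRejected(f"content does not look like {ext}")
    return ext


def is_accepted(filename: str, content: bytes) -> bool:
    """Convenience wrapper: True if check_upload() passes, False otherwise."""
    try:
        check_upload(filename, content)
        return True
    except UploadRejected:
        return False


def store_upload(filename: str, content: bytes, upload_dir: str = UPLOAD_DIR) -> StoredFile:
    """Validate, then write under a random name; O_EXCL prevents overwriting existing files."""
    ext = check_upload(filename, content)
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(upload_dir, stored_name)
    os.makedirs(upload_dir, mode=0o750, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return StoredFile(original_name=filename, stored_path=path, ext=ext)
```

The authentication half of the fix (CWE-306) is not shown here: whatever session check deltasql applies to its other pages must also run before store_upload() is reached. The original file name is kept only as metadata; it never becomes part of the path on disk.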

Defensive priority

critical

Recommended defensive actions

  • Restrict or disable access to docs_upload.php until a patched version is available, for example by denying the path at the web server or placing authentication in front of it.
  • Implement strict server-side file type validation on all upload endpoints: an extension allowlist applied to every part of the file name, and content inspection that confirms the bytes match the claimed type.
  • Store uploaded files outside the web root, or configure the web server to deny script execution in the upload directory.
  • Apply authentication and authorization controls to the upload functionality, since the missing login check (CWE-306) is the classified weakness.
  • Monitor web access logs for unexpected POST requests to docs_upload.php, and for requests to .php or other script files under the upload directory, which indicate an uploaded file being executed.
  • Review and update WAF rules to detect and block crafted multipart file upload attempts targeting this endpoint.
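The log monitoring from the list above, as an added example (not part of the advisory or of deltasql). It parses combined-format access log lines, flags every POST to docs_upload.php, flags any request for a script file under the upload directory, and raises the severity when the same client POSTed to the upload endpoint shortly before. The upload directory's web path is not given in the record; `/docs/` below is an assumption to replace with the path of your installation, and the log lines are constructed for the example.

```python
import re
from datetime import datetime

# Apache/nginx "combined" format: client ident user [time] "METHOD target HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

UPLOAD_ENDPOINT = "/docs_upload.php"   # endpoint named in the advisory
UPLOAD_DIR = "/docs/"                  # assumed web path of stored uploads; adjust per install
# Extensions a PHP handler may execute; the trailing group also catches name.php.jpg.
SCRIPT_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar|phps)(?:\.|$)", re.IGNORECASE)

# Constructed sample log: one upload-then-execute sequence, one benign download,
# one probe for a script that was not there.
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2026:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/May/2026:10:14:09 +0000] "POST /docs_upload.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [30/May/2026:10:14:11 +0000] "GET /docs/cmd.php?c=id HTTP/1.1" 200 88 "-" "python-requests/2.31"
198.51.100.4 - - [30/May/2026:10:20:40 +0000] "GET /docs/manual.pdf HTTP/1.1" 200 90112 "-" "Mozilla/5.0"
198.51.100.9 - - [30/May/2026:11:02:15 +0000] "GET /docs/old.phtml HTTP/1.1" 404 196 "-" "curl/8.5"
"""


def parse_line(line: str):
    """Return a dict with ip, time (aware datetime), method, target, status; None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect(lines, window_seconds: int = 3600):
    """Scan log lines in order; return a list of finding dicts, in log order."""
    findings = []
    last_post = {}   # client ip -> time of its most recent POST to the upload endpoint
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["target"].split("?", 1)[0]
        ip, when, status = rec["ip"], rec["time"], rec["status"]
        if rec["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            last_post[ip] = when
            findings.append({"severity": "medium", "ip": ip, "path": path,
                             "reason": "POST to unauthenticated upload endpoint"})
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT_RE.search(path):
            prior = last_post.get(ip)
            correlated = prior is not None and 0 <= (when - prior).total_seconds() <= window_seconds
            reason = f"script requested under upload directory (HTTP {status})"
            if correlated:
                reason += ", after an upload POST from the same client"
            findings.append({"severity": "critical" if correlated else "high",
                             "ip": ip, "path": path, "reason": reason})
    return findings


def scan_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['severity']:8} {f['ip']:15} {f['path']}  {f['reason']}")
```

A 404 on a script under the upload directory (the last sample line) still rates high: it shows someone probing for an uploaded shell even if this attempt did not land. Because the endpoint needs no login, every POST to it is worth review, not only the correlated ones.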

Evidence notes

The vulnerability description is sourced from the NVD record, which carries a CVSS 4.0 vector. References include the deltasql project homepage, the SourceForge download page, Exploit-DB entry 45685, and a VulnCheck advisory. Vendor confidence is low and the vendor field is marked for review, because the attribution rests on reference_domain_candidate evidence rather than on a vendor statement.

Official resources

2026-05-30