CRITICAL
Deltasql
CVE published 2026-05-30
CVE-2018-25412
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability in docs_upload.php that permits unauthenticated remote attackers to upload malicious files via crafted multipart POST requests. The endpoint accepts PHP files without adequate validation, enabling uploaded content to be executed server-side for remote code execution. The CVSS 4.0 vector indicates network attack vector with low attack complexi [truncated]