Critical · Public exploit

Unauthenticated Arbitrary File Upload RCE in Delta Sql 1.8.2 docs_upload.php

Identifiers: CVE-2018-25412 · CWE-306 · Missing Authentication for…

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability in docs_upload.php. An unauthenticated attacker can send a crafted multipart/form-data POST request to this endpoint and upload a malicious PHP file containing attacker-controlled code into the application's upload directory. Because the uploaded PHP file can then be executed by the web server, the flaw results in remote code execution on the affected server.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to upload and execute arbitrary PHP code on the target server. This can lead to full compromise of the application in the context of the web server process, including theft or modification of application data, deployment of web shells or other malware, and potential further system compromise depending on server configuration and privileges.

Mitigation

If you can’t patch tonight, do this now.

Restrict network access to the vulnerable application where possible. Disable or remove the vulnerable upload functionality if it is not required. Configure the web server so that files in the upload directory cannot be executed as PHP or any other server-side script. Apply allowlisting for permitted extensions and MIME types, enforce authentication on upload endpoints, and monitor for suspicious POST requests to docs_upload.php and unexpected files appearing in upload paths.

Remediation

Patch, then assume compromise.

Upgrade to a fixed version if one is available from the vendor or project maintainers. If no patched release is available, modify docs_upload.php and related upload handling to enforce strict server-side validation of allowed file types, reject executable script uploads such as .php, verify content independently of client-supplied metadata, store uploads outside the web-accessible document root, and disable execution permissions in the upload directory. Review the application for any previously uploaded malicious files and remove them.
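
One way to carry out the review of previously uploaded files described above, as an added example that is not part of the original advisory or of Delta Sql's code: a Python audit that flags files in an upload directory by extension and by content, independently of each other. The allowlist, the script-extension list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: document types this deployment intends to accept.
ALLOWED_EXT = {".pdf", ".txt", ".png", ".jpg"}
# Extensions commonly mapped to the PHP handler in web server configs.
SCRIPT_EXT = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".pht"}


def audit_upload_dir(root, head_bytes=65536):
    """Return {relative_path: [reasons]} for files that do not belong in an upload dir."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reasons = []
        # Check every suffix, not just the last: some server configs select
        # the handler from any suffix, so "report.php.txt" is still suspect.
        suffixes = [s.lower() for s in path.suffixes]
        if any(s in SCRIPT_EXT for s in suffixes):
            reasons.append("script extension")
        elif not suffixes or suffixes[-1] not in ALLOWED_EXT:
            reasons.append("extension not on allowlist")
        # Content check, independent of file name and client-supplied MIME type.
        with path.open("rb") as fh:
            if b"<?php" in fh.read(head_bytes).lower():
                reasons.append("contains PHP open tag")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Audit a constructed sample directory (all file contents are made up)."""
    samples = {
        "manual.pdf": b"%PDF-1.4 constructed sample",
        "notes.php": b"<?php /* constructed placeholder */ ?>",
        "logo.jpg": b"\xff\xd8\xff\xe0 <?php /* constructed */ ?>",
        "report.php.txt": b"plain text",
        "tool.exe": b"MZ constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

Point `audit_upload_dir` at the application's real upload path to use it; only the first 64 KiB of each file is inspected and short open tags are not matched, so a clean result does not replace a manual review.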
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.


No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

| Vendor | Product | Type |
| --- | --- | --- |
| Deltasql Project | Deltasql | application |

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
