CVE-2015-9263
Published 2018-08-27
Priority P2 · 71 · critical · 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 11.90% (95.6th percentile)
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idera | up.time_monitoring_station | <= 7.2 | — |
| idera | uptime_infrastructure_monitor | — | — |
| idera | uptime_infrastructure_monitor | — | — |
Detection & IOCs
- Monitor HTTP POST requests targeting post2file.php in Up.Time Monitoring Station for file upload attempts, especially uploads of .php files.
- The vendor mitigation for the original file upload vulnerability (uptime_file_upload_1) can be bypassed; monitor for privilege escalation activity following file upload attempts on post2file.php.
- Affected versions are specifically Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13); detections should be scoped to these builds.
- The vendor applied a mitigation against the original exploit vector (uptime_file_upload_1), but a bypass exists; do not assume patching the first vector fully remediates the risk.
CVSS provenance
nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
GHSA-7x48-359h-28rm · CVE-2025-34121 [CRITICAL] CWE-306 · ghsa_unreviewed · 2025-07-16 · CVSS 9.8
An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP files to the webroot. Successful exploitation results in remote code execution as the web server user. NOTE: The bypass for this vulnerability is tracked as CVE-2015-9263.
GHSA-mvjg-3vh9-6w4q · CVE-2015-9263 [CRITICAL] CWE-434 · ghsa_unreviewed · 2022-05-14
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
References
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php
- https://www.exploit-db.com/exploits/37888/
- https://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2