CVE-2018-25412
published 2026-05-30CVE-2018-25412: Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.77%
51.0th percentile
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltasql | delta_sql | — | — |
| deltasql_project | deltasql | — | — |
| gnuplot | gnuplot | >= 0 < 4.6.4-2ubuntu0.1~esm1 | 4.6.4-2ubuntu0.1~esm1 |
| gnuplot | gnuplot | >= 0 < 4.6.6-3ubuntu0.1+esm1 | 4.6.6-3ubuntu0.1+esm1 |
| gnuplot | gnuplot | >= 0 < 5.2.2+dfsg1-2ubuntu1+esm1 | 5.2.2+dfsg1-2ubuntu1+esm1 |
| gnuplot | gnuplot | >= 0 < 5.2.8+dfsg1-2ubuntu0.1~esm1 | 5.2.8+dfsg1-2ubuntu0.1~esm1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form
ghsa_unreviewed·2026-05-30
CVE-2018-25412 [CRITICAL] CWE-306 Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute them on the server for remote code execution.
VulDB
Deltasql Delta Sql 1.8.2 PHP File docs_upload.php docs_upload unrestricted upload (Exploit 45685 / EUVD-2018-21934)
vuldb·2026-05-30·CVSS 9.3
CVE-2018-25412 [CRITICAL] Deltasql Delta Sql 1.8.2 PHP File docs_upload.php docs_upload unrestricted upload (Exploit 45685 / EUVD-2018-21934)
A vulnerability, which was classified as critical, has been found in Deltasql Delta Sql 1.8.2. This impacts the function docs_upload of the file docs_upload.php of the component PHP File Handler. Performing a manipulation results in unrestricted upload.
This vulnerability is identified as CVE-2018-25412. The attack can be initiated remotely. Additionally, an exploit exists.
OSV
gnuplot vulnerabilities
osv·2025-06-23·CVSS 7.8
CVE-2018-19490 gnuplot vulnerabilities
gnuplot vulnerabilities
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo, and Nils Bars
discovered that Gnuplot had several memory-related issues. An
attacker could possibly use these issues to cause Gnuplot to
experience a buffer overflow, resulting in a denial of service or
arbitrary code execution. These issues only affected Ubuntu
14.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19490, CVE-2018-19491,
CVE-2018-19492)
It was discovered that Gnuplot could write out-of-bounds due to
the use of strncpy(). An attacker could possibly use this issue
to enable the execution of arbitrary code. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-25412)
It was discovered that Gnuplot incorrectly freed memory when
executing print_set_output(). An attacker could possibly use this
issue to enable th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-30
Published