Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
PHP
Authentication Bypass
File Upload
NVD
Exploit-DB
VulDB
CVSS 4.0
9.3
EPSS
0.2%