CVE-2019-25480
Unrestricted File Upload in ARMBot upload.php Enables RCE
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "This vulnerability exists in ARMBot's upload.php script, where there is an unrestricted file upload flaw. An unauthenticated attacker can manipulate the file parameter using path traversal sequences to upload arbitrary files, including PHP scripts, to the web root directory."}, {'type': 'paragraph', 'content': 'By exploiting this, the attacker can place executable PHP code on the server, which can then be accessed and run remotely, leading to remote code execution on the affected system.'}, {'type': 'paragraph', 'content': 'A proof-of-concept exploit demonstrates sending a specially crafted POST request that uploads a PHP shell file into a web-accessible directory, confirming the ability to execute arbitrary code remotely.'}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability allows attackers to execute arbitrary code on the affected server without authentication.'}, {'type': 'list_item', 'content': "Attackers can upload malicious PHP files that run with the server's privileges."}, {'type': 'list_item', 'content': 'This can lead to full compromise of the server, including data theft, server manipulation, or using the server as a launchpad for further attacks.'}, {'type': 'list_item', 'content': 'Since the vulnerability requires no user interaction or privileges, it is highly critical and can be exploited remotely.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to upload a PHP file using the vulnerable upload.php script with a manipulated file parameter containing path traversal sequences. A practical approach is to send a POST request to the upload.php endpoint with crafted form data that tries to place a PHP shell in a web-accessible directory.'}, {'type': 'paragraph', 'content': "For example, using a Python script with the requests library, you can send a POST request to the vulnerable URL with the 'file' parameter set to a path traversal payload like '../public_html/lol/../.s.phtml' and the 'data' parameter containing a base64-encoded PHP payload such as '<?php echo 1; ?>'."}, {'type': 'paragraph', 'content': "After the upload attempt, check if the PHP shell is accessible by navigating to the uploaded file's URL (e.g., http://{host}/.s.phtml). If the PHP code executes and returns the expected output, the vulnerability is present."}, {'type': 'paragraph', 'content': 'Alternatively, you can use curl commands to simulate the POST request with the crafted parameters to test the upload functionality.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
I don't know