CVE-2019-25480 HIGH

CVE-2019-25480: ARMBot Unrestricted File Upload via upload.php

Vendor Armbot

Product ARMBot

Weakness CWE-22 · Path traversal

Published March 11, 2026

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. Attackers can upload PHP files with traversal payloads ../public_html/ to write executable code to the web root and achieve remote code execution.

Key dates

Disclosure timeline

March 11, 2026 CVE published

April 7, 2026 Record updated