CVE-2019-25579

HIGH 7.5

phpTransformer 2016.9 Directory Traversal via jQueryFileUpload

CVSS Score

7.5

EPSS Score

1.9%

EPSS Percentile

83th

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.

CWE	CWE-22
Vendor	phptransformer
Product	phptransformer
Published	Mar 21, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for phptransformer phptransformer

Be the first to know when new high vulnerabilities affecting phptransformer phptransformer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Phptransformer / phpTransformer

2016.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46192 phptransformer.com: http://phptransformer.com/ netcologne.dl.sourceforge.net: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zip vulncheck.com: https://www.vulncheck.com/advisories/phptransformer-directory-traversal-via-jqueryfileupload

Credits

Ihsan Sencan