Unrated severityNVD Advisory· Published Mar 21, 2026· Updated Mar 24, 2026

phpTransformer 2016.9 Directory Traversal via jQueryFileUpload

CVE-2019-25579

Description

phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.

Affected products

phpTransformer/phpTransformerllm-create
Range: = 2016.9
Phptransformer/phpTransformerv5
Range: 2016.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46192mitreexploit
www.vulncheck.com/advisories/phptransformer-directory-traversal-via-jqueryfileuploadmitrethird-party-advisory
phptransformer.commitreproduct
netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zipmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000