Unrated severityNVD Advisory· Published Mar 21, 2026· Updated Mar 24, 2026
phpTransformer 2016.9 Directory Traversal via jQueryFileUpload
CVE-2019-25579
Description
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 2016.9+ 1 more
- (no CPE)range: = 2016.9
- (no CPE)range: 2016.9
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/46192mitreexploit
- www.vulncheck.com/advisories/phptransformer-directory-traversal-via-jqueryfileuploadmitrethird-party-advisory
- phptransformer.commitreproduct
- netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release_2016.9.zipmitreproduct
News mentions
0No linked articles in our index yet.