PT-2025-32403 · Cuteflow · Cuteflow
Published 2025-08-08 · Updated 2025-08-08 · CVE-2012-10050
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
CuteFlow versions 2.11.2 and earlier
Description:
CuteFlow versions 2.11.2 and earlier contain an arbitrary file upload issue in the restart_circulation_values_write.php script. The application does not validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the /upload/ 1/ directory. These files are then accessible via the web server, enabling remote code execution.
Recommendations:
Update CuteFlow to a version later than 2.11.2.
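Because uploaded files are served back by the web server, requests for script files below the upload directory are the signal to look for in access logs on hosts that ran an affected version. The following is an added example, not part of the advisory or of CuteFlow: it assumes Combined Log Format, an upload path containing `/upload/`, and constructed sample log lines.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions commonly mapped to the PHP handler. Matching inside the file name
# also catches "name.php.jpg", which some handler configurations execute.
EXEC_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)(\.|$)', re.IGNORECASE)
# Assumption: matched anywhere in the path, so sub-directory installs count too.
UPLOAD_PREFIX = "/upload/"


def find_upload_script_hits(lines, prefix=UPLOAD_PREFIX):
    """Return {client_ip: [(timestamp, method, path, status), ...]} for requests
    to script-like files below the upload directory that were not a 404."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Decode percent-escapes and drop the query string before matching.
        path = unquote(urlsplit(m["target"]).path)
        if prefix not in path.lower():
            continue
        filename = path.rsplit("/", 1)[-1]
        # A 404 means the file was not there; any other status needs review.
        if EXEC_EXT_RE.search(filename) and m["status"] != "404":
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)


# Constructed sample lines (documentation addresses, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Aug/2025:10:01:02 +0000] "GET /upload/a/report.pdf HTTP/1.1" 200 48213 "-" "-"',
    '203.0.113.9 - - [08/Aug/2025:10:02:11 +0000] "GET /upload/a/tmp1.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [08/Aug/2025:10:02:15 +0000] "GET /cuteflow/upload/a/tmp1.PHP?x=1 HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.50 - - [08/Aug/2025:10:03:00 +0000] "GET /upload/a/missing.php HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.33 - - [08/Aug/2025:10:04:40 +0000] "GET /upload/a/img%2Ephp.jpg HTTP/1.1" 200 7 "-" "-"',
    '198.51.100.7 - - [08/Aug/2025:10:05:00 +0000] "GET /pages/index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, rows in find_upload_script_hits(SAMPLE_LOG).items():
        print(ip, rows)
```

A hit is a lead, not proof: confirm it against the files actually present in the upload directory and their modification times.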
Fix
RCE
Unrestricted File Upload
Affected Products
Cuteflow