Description

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.

INFO

Published Date :

2025-08-08T18:10:03.287Z

Last Modified :

2026-04-07T14:02:44.049Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2012-10050 vulnerability.

Vendors Products
Cuteflow
  • Cuteflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10050.

URL Resource
http://web.archive.org/web/20210922054637/https://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/ cve-icon cve-icon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cuteflow_upload_exec.rb cve-icon cve-icon cve-icon
https://sourceforge.net/projects/cuteflow/ cve-icon cve-icon
https://web.archive.org/web/20120729071444/http://www.cuteflow.org/ cve-icon cve-icon
https://www.exploit-db.com/exploits/20111 cve-icon cve-icon cve-icon
https://www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability