CVE-2012-10050

Exploit

EPSS 62.13%
Veröffentlicht 08.08.2025 18:10:03
Zuletzt bearbeitet 08.08.2025 20:30:18
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCuteFlow.org

≫

Produkt CuteFlow

Default Statusunaffected

Version <= 2.11.2

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	62.13%	0.983

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://web.archive.org/web/20120729071444/http://www.cuteflow.org/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cuteflow_upload_exec.rb

https://www.exploit-db.com/exploits/20111

http://web.archive.org/web/20210922054637/https://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/

https://sourceforge.net/projects/cuteflow/

https://www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rce

https://nvd.nist.gov/vuln/detail/CVE-2012-10050

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-10050

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-10050

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-10050