CVE-2012-10050
Published 2025-08-08
Priority P2 72 · critical · 9.3 CVSS 4.0
CVSS 4.0 vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.22% (64.8th percentile)
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cuteflow.org | cuteflow | <= 2.11.2 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to restart_circulation_values_write.php, which is the vulnerable upload endpoint.
- Alert on PHP files written to or served from the upload/___1/ directory, as this is the attacker-controlled drop location for webshells/payloads.
- Detect HTTP GET/POST requests to upload/___1/*.php, which would indicate attempted or successful remote code execution following exploitation.
- Vulnerability affects CuteFlow version 2.11.2 and earlier; verify target version before applying detections to avoid false positives on patched instances.
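The request-based indicators above, applied to web server access logs. This is an added example, not a rule from this page or its sources; it assumes Apache/nginx combined log format, and the `/app` prefix, file names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# Indicators named on this page, matched on the path tail because the install prefix varies.
UPLOAD_ENDPOINT = re.compile(r'/restart_circulation_values_write\.php(?:[/?]|$)', re.I)
DROP_DIR_PHP = re.compile(r'/upload/___1/[^/?]+\.php(?:[/?]|$)', re.I)

def scan(lines):
    """Return (severity, rule, client_ip, path) alerts for the request indicators."""
    alerts, uploaders = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, method, raw_path, status = m.groups()
        path = unquote(raw_path)  # normalise %-encoding so /upload/%5F__1/ still matches
        if method == "POST" and UPLOAD_ENDPOINT.search(path):
            uploaders.add(ip)
            alerts.append(("medium", "post-to-upload-endpoint", ip, path))
        elif DROP_DIR_PHP.search(path):
            # The same client POSTed to the endpoint earlier and the script was served:
            # escalate, since this matches the upload-then-execute sequence.
            chained = ip in uploaders and status == "200"
            alerts.append(("high" if chained else "medium", "php-in-drop-dir", ip, path))
    return alerts

# Constructed sample log lines (documentation IP ranges; "/app" is a placeholder prefix).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Aug/2025:10:00:00 +0000] "GET /app/index.php HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.10 - - [08/Aug/2025:10:00:01 +0000] "POST /app/restart_circulation_values_write.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [08/Aug/2025:10:00:03 +0000] "GET /app/upload/___1/sample.php HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.7 - - [08/Aug/2025:10:05:00 +0000] "GET /app/upload/___1/report.pdf HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.7 - - [08/Aug/2025:10:06:00 +0000] "GET /app/upload/%5F__1/other.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep="\t")
```

Access logs show neither authentication state nor file writes, so the second indicator (PHP files written to upload/___1/) still needs file-integrity monitoring on that directory.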
- http://web.archive.org/web/20210922054637/https://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cuteflow_upload_exec.rb
- https://sourceforge.net/projects/cuteflow/
- https://web.archive.org/web/20120729071444/http://www.cuteflow.org/
- https://www.exploit-db.com/exploits/20111
- https://www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rce