Critical severityNVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026

CVE-2012-10050

Description

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

web.archive.org/web/20210922054637/https://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/nvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/cuteflow_upload_exec.rbnvd
sourceforge.net/projects/cuteflow/nvd
web.archive.org/web/20120729071444/http://www.cuteflow.org/nvd
www.exploit-db.com/exploits/20111nvd
www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.053
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000