CNNVD-202508-783 Information

CNNVD ID

CNNVD-202508-783

Related CVE

CVE-2012-10050

• CNNVD Published: 2025-08-08

Description (Chinese)

CuteFlow是CuteFlow公司的一个基于Web的文档流转和工作流工具。 CuteFlow 2.11.2及之前版本存在安全漏洞，该漏洞源于restart_circulation_values_write.php脚本未验证文件类型，可能导致任意文件上传和远程代码执行。

Description (English)

CuteFlow is a Web-based document flow and workflow tool for CuteFlow. The CuteFlow 2.11.2 and previous versions have a security loophole, which stems from the fact that rental circulation values write.php scripts do not verify the type of file, which may lead to any upload and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CuteFlow

Published

2025-08-08

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/ https://sourceforge.net/projects/cuteflow/ http://www.cuteflow.org/ https://web.archive.org/web/20120729071444/ https://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/ http://web.archive.org/web/20210922054637/ https://www.exploit-db.com/exploits/20111 https://www.vulncheck.com/advisories/cuteflow-arbitrary-file-upload-rce https://access.redhat.com/security/cve/cve-2012-10050