CVE-2012-10050— CuteFlow <= 2.11.2 Arbitrary File Upload RCE

EPSS 65.65% · P99 Updated Apr 08, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2012-10050

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

CuteFlow <= 2.11.2 Arbitrary File Upload RCE

Source: NVD (National Vulnerability Database)

Vulnerability Description

CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

危险类型文件的不加限制上传

Source: NVD (National Vulnerability Database)

Vulnerability Title

CuteFlow 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CuteFlow是CuteFlow公司的一个基于Web的文档流转和工作流工具。 CuteFlow 2.11.2及之前版本存在安全漏洞，该漏洞源于restart_circulation_values_write.php脚本未验证文件类型，可能导致任意文件上传和远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
CuteFlow.org	CuteFlow	* ~ 2.11.2	-

II. Public POCs for CVE-2012-10050

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2012-10050

请登录查看更多情报信息。

CuteFlow 2.11.2 multiple security vulnerabilitiestechnical-descriptionexploit
CuteFlow 2.11.2 - Arbitrary File Upload (Metasploit) - PHP webapps Exploitexploit
https://nvd.nist.gov/vuln/detail/CVE-2012-10050

IV. Related Vulnerabilities

Same weakness: CWE-434

V. Comments for CVE-2012-10050

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2012-10050— CuteFlow <= 2.11.2 Arbitrary File Upload RCE

I. Basic Information for CVE-2012-10050

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2012-10050

III. Intelligence Information for CVE-2012-10050

IV. Related Vulnerabilities

V. Comments for CVE-2012-10050

Leave a comment