CVE-2012-10050
CuteFlow <2.11.2 - RCE
Title source: llmDescription
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/20111
metasploit
WORKING POC
EXCELLENT
by bcoles · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cuteflow_upload_exec.rb
References (6)
Scores
EPSS
0.6213
EPSS Percentile
98.3%
Classification
CWE
CWE-434
Status
draft
Timeline
Published
Aug 08, 2025
Tracked Since
Feb 18, 2026