Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CuteFlow <= 2.11.2 Arbitrary File Upload RCE
Vulnerability Description
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
CuteFlow 安全漏洞
Vulnerability Description
CuteFlow是CuteFlow公司的一个基于Web的文档流转和工作流工具。 CuteFlow 2.11.2及之前版本存在安全漏洞,该漏洞源于restart_circulation_values_write.php脚本未验证文件类型,可能导致任意文件上传和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A