1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: CuteFlow Arbitrary File Upload

Attack: CuteFlow Arbitrary File Upload

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit an arbitrary file upload vulnerability in CuteFlow.

Additional Information

Multiple arbitrary-file-upload vulnerabilities affect the application because it fails to properly validate file extensions when uploading through the 'restart_circulation_values_write.php', 'editcirculation_write.php', and 'restart_circulation_write.php' scripts.

Exploiting these issues could allow an attacker to compromise the application, to access or modify data, to gain administrative access to the affected application, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to execute arbitrary server-side script code in the context of the webserver process, or to perform restricted actions.

Affected

  • CuteFlow 2.11.2

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube