CuteFlow 2.11.2 multiple security vulnerabilities

CuteFlow 2.11.2 contains multiple security vulnerabilities that may allow an attacker to take control of the software.

Software

Software Link: CuteFlow

Vulnerable Version: 2.11.2

Vendor Notification: Unnotified

Vulnerabilities

# Arbitrary File Upload (Pre-Authentication)

# SQL Injection (Pre-Authentication)

# SQL Injection (Post-Authentication)

# Direct URL Access - Add Admin User (Pre-Authentication)

# Cross-Site Scripting (XSS)

References

# OWASP: Cross-Site Scripting (XSS)

# OWASP: SQL Injection

# OWASP: Failure to Restrict URL Access

# OWASP: Unrestricted File Upload

Appendix

[TXT] CuteFlow 2.11.2 multiple security vulnerabilities