CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01698
Percentile: 0.81474

CVSS Scoring

Affected Products

• cpe:2.3:a:cuteflow:cuteflow:2.10.3:*:*:*:*:*:*:*
• cpe:2.3:a:cuteflow:cuteflow:2.11.0_c:*:*:*:*:*:*:*

← Back to Home