108 matches found
CVE-2024-9903
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...
CVE-2024-9904
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely...
CVE-2024-57160
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html...
CVE-2024-57161
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html...
CVE-2024-57159
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html...
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop...
CVE-2024-51156
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'...
CVE-2024-51157
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html...
CVE-2025-25379
Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component...
CVE-2025-25379
07FLYCMS v1.3.9 is affected by a Cross Site Request Forgery vulnerability that allows a remote attacker to execute arbitrary code via the id parameter in the del.html component. The issue’s root cause is the insecure handling of the id parameter in del.html, enabling code execution under authenti...
07FLYCMS Cross-Site Request Forgery Vulnerability
07FLYCMS is a free and open source content management system from China Zero Takeoff 07FLY. A security vulnerability exists in 07FLYCMS v.1.3.9, which stems from an id parameter in the del.html component that allows remote code execution...
PT-2025-9138 · 07Flycms · 07Flycms
Name of the Vulnerable Software and Affected Versions: 07FLYCMS version 1.3.9 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the id parameter of the "del.html" component. Recommendations: For 07FLYCMS version 1.3.9, consider restricting acce...
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId...