108 matches found
CVE-2024-51156
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'...
PT-2024-34541 · 07Flycms · 07Flycms
Name of the Vulnerable Software and Affected Versions: 07FLYCMS version 1.3.9
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the component related to 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. This issue allows for unauthorized requests. No information is...
CVE-2024-51156
07FLYCMS v1.3.9 is affected by a CSRF vulnerability in the component erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93. The issue enables unauthorized requests causing potential state changes without user consent. No exploit details or patch/version fixes are provided in the connected documents...
07FLYCMS Security Vulnerability
07FLYCMS is a free and open source content management system (CMS) from the Chinese company Zero Takeoff (07FLY) that can be used on its own to meet the needs of various kinds of enterprise website development and construction. A security vulnerability exists in 07FLYCMS version V1.3.9, which originated...
CVE-2024-51157
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html...
CVE-2024-51157
CVE-2024-51157 affects 07FLYCMS V1.3.9 with a CSRF vulnerability in the /oa/OaSchedule/add.html endpoint. The CVSS-3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) yields a base score of 4.7 (Medium). Exploitation details are not provided beyond the CSRF description; no public fix/version remedia...
CVE-2024-9904
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2024-9904 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely...
CVE-2024-9903
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...
CVE-2024-9903 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The...
CVE-2024-9903
CVE-2024-9903 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The vulnerability is in the fileUpload function at /admin/File/fileUpload, where manipulating the file argument leads to unrestricted file upload. It can be triggered remotely and the exploit has been disclosed publicly. ...
CVE-2024-9855
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule1 of the component Module Plug-In Handler. The manipulation...