CVE-2024-22593

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/admin/addgroupsave...

PT-2024-21993 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. It affects the "/system/share/ztree category edit" API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround,...

PT-2024-19497 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It can be exploited via the /system/user/group update API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround, consider...

CVE-2024-22568

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/score/del...

CVE-2020-36065

Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...