10 matches found
CVE-2025-25379
07FLYCMS v1.3.9 is affected by a Cross Site Request Forgery vulnerability that allows a remote attacker to execute arbitrary code via the id parameter in the del.html component. The issue’s root cause is the insecure handling of the id parameter in del.html, enabling code execution under authenti...
CVE-2024-51157
CVE-2024-51157 affects 07FLYCMS V1.3.9 with a CSRF vulnerability in the /oa/OaSchedule/add.html endpoint. The CVSS-3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) yields a base score of 4.7 (Medium). Exploitation details are not provided beyond the CSRF description; no public fix/version remedia...
CVE-2024-51156
07FLYCMS v1.3.9 is affected by a CSRF vulnerability in the component erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93. The issue enables unauthorized requests causing potential state changes without user consent. No exploit details or patch/version fixes are provided in the connected documents...
CVE-2024-57159
07FLYCMS V1.3.9 is affected by a CSRF vulnerability in the API endpoint /erp.07fly.net:80/oa/OaWorkReport/add.html. The issue is described across multiple sources (Red Hat, CNNVD, CVE lists) as a Cross-Site Request Forgery in this version; no specific patch/version fix is detailed in the provided...
CVE-2024-9856
CVE-2024-9856 affects 07FLYCMS/07FLY-CMS/07FlyCRM v1.3.8. A vulnerability in the System Settings Page, via manipulation of the Login Interface Copyright, enables cross-site scripting. The issue can be exploited remotely and the exploit has been disclosed publicly. Affected products are also refer...
CVE-2024-57611
CVE-2024-57611 affects 07FLYCMS V1.3.9 and is associated with a Cross-Site Request Forgery (CSRF) vulnerability reachable via admin/doAdminAction.php?act=editShop&shopId. The connected sources corroborate a CSRF issue in this version, but there is no public detail in the provided documents about ...
CVE-2024-9903
CVE-2024-9903 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The vulnerability is in the fileUpload function at /admin/File/fileUpload, where manipulating the file argument leads to unrestricted file upload. It can be triggered remotely and the exploit has been disclosed publicly. ...
CVE-2024-9855
CVE-2024-9855 affects 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8. The vulnerability lies in Module Plug-In Handler’s uploadFile (path /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1), where manipulating the file argument enables unrestricted uploads. Exploitation is remote and publicly...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2025-7078
CVE-2025-7078 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.3.9. The issue is a cross-site request forgery (CSRF) in unknown code, exploitable remotely and with a publicly disclosed exploit. Several connected sources (Red Hat, NVD, PT Security) corroborate the CSRF nature and affected ...