Lucene search
K
07fly07flycms

10 matches found

CVE
CVE
added 2025/02/28 12:0 a.m.79 views

CVE-2025-25379

07FLYCMS v1.3.9 is affected by a Cross Site Request Forgery vulnerability that allows a remote attacker to execute arbitrary code via the id parameter in the del.html component. The issue’s root cause is the insecure handling of the id parameter in del.html, enabling code execution under authenti...

9.6CVSS8.1AI score0.00273EPSS
CVE
CVE
added 2024/11/08 12:0 a.m.59 views

CVE-2024-51157

CVE-2024-51157 affects 07FLYCMS V1.3.9 with a CSRF vulnerability in the /oa/OaSchedule/add.html endpoint. The CVSS-3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) yields a base score of 4.7 (Medium). Exploitation details are not provided beyond the CSRF description; no public fix/version remedia...

4.7CVSS7.2AI score0.0017EPSS
CVE
CVE
added 2024/11/14 12:0 a.m.55 views

CVE-2024-51156

07FLYCMS v1.3.9 is affected by a CSRF vulnerability in the component erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93. The issue enables unauthorized requests causing potential state changes without user consent. No exploit details or patch/version fixes are provided in the connected documents...

4.7CVSS7.6AI score0.00195EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.53 views

CVE-2024-57159

07FLYCMS V1.3.9 is affected by a CSRF vulnerability in the API endpoint /erp.07fly.net:80/oa/OaWorkReport/add.html. The issue is described across multiple sources (Red Hat, CNNVD, CVE lists) as a Cross-Site Request Forgery in this version; no specific patch/version fix is detailed in the provided...

3.5CVSS7.7AI score0.00149EPSS
CVE
CVE
added 2024/10/11 12:31 p.m.53 views

CVE-2024-9856

CVE-2024-9856 affects 07FLYCMS/07FLY-CMS/07FlyCRM v1.3.8. A vulnerability in the System Settings Page, via manipulation of the Login Interface Copyright, enables cross-site scripting. The issue can be exploited remotely and the exploit has been disclosed publicly. Affected products are also refer...

5.1CVSS3.2AI score0.00383EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.52 views

CVE-2024-57611

CVE-2024-57611 affects 07FLYCMS V1.3.9 and is associated with a Cross-Site Request Forgery (CSRF) vulnerability reachable via admin/doAdminAction.php?act=editShop&shopId. The connected sources corroborate a CSRF issue in this version, but there is no public detail in the provided documents about ...

3.5CVSS7.2AI score0.00149EPSS
Web
CVE
CVE
added 2024/10/11 12:31 p.m.47 views

CVE-2024-9855

CVE-2024-9855 affects 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8. The vulnerability lies in Module Plug-In Handler’s uploadFile (path /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1), where manipulating the file argument enables unrestricted uploads. Exploitation is remote and publicly...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2024/10/12 11:0 p.m.47 views

CVE-2024-9903

CVE-2024-9903 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The vulnerability is in the fileUpload function at /admin/File/fileUpload, where manipulating the file argument leads to unrestricted file upload. It can be triggered remotely and the exploit has been disclosed publicly. ...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2024/10/13 1:31 a.m.45 views

CVE-2024-9904

CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2025/07/06 8:32 a.m.28 views

CVE-2025-7078

CVE-2025-7078 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.3.9. The issue is a cross-site request forgery (CSRF) in unknown code, exploitable remotely and with a publicly disclosed exploit. Several connected sources (Red Hat, NVD, PT Security) corroborate the CSRF nature and affected ...

5.3CVSS4.6AI score0.00249EPSS