Lucene search
K
07flyCustomer Relationship Management

9 matches found

CVE
CVE
added 2023/06/02 1:0 p.m.78 views

CVE-2023-3058

CVE-2023-3058 affects 07FLY CRM up to version 1.2.0, with the vulnerable area in the User Profile Handler. The issue enables cross-site scripting and can be exploited remotely; exploits have been disclosed. Available sources indicate the patch status is unclear, and at least one reference recomme...

5.4CVSS4.5AI score0.00564EPSS
CVE
CVE
added 2023/09/17 4:31 a.m.68 views

CVE-2023-5020

CVE-2023-5020 describes a SQL injection in 07FLY CRM V2, affecting the Administrator Login Page at /index.php/sysmanage/Login/login_auth/ via the account parameter. The vulnerability can be exploited remotely and is rated critical/high across sources, with remote network access and no complexity/...

9.8CVSS8.9AI score0.00711EPSS
Web
CVE
CVE
added 2024/10/11 12:31 p.m.54 views

CVE-2024-9856

CVE-2024-9856 affects 07FLYCMS/07FLY-CMS/07FlyCRM v1.3.8. A vulnerability in the System Settings Page, via manipulation of the Login Interface Copyright, enables cross-site scripting. The issue can be exploited remotely and the exploit has been disclosed publicly. Affected products are also refer...

5.1CVSS3.2AI score0.00383EPSS
CVE
CVE
added 2025/01/16 12:0 a.m.53 views

CVE-2024-57160

07FLYCMS v1.3.9 is associated with CVE-2024-57160 due to a Cross‑Site Request Forgery (CSRF) via the endpoint /erp.07fly.net:80/oa/OaTask/edit.html. The connected sources corroborate a CSRF issue affecting this specific version; no exploitable details or active exploit status are provided in the ...

4.3CVSS7.7AI score0.00164EPSS
CVE
CVE
added 2024/10/11 12:31 p.m.48 views

CVE-2024-9855

CVE-2024-9855 affects 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8. The vulnerability lies in Module Plug-In Handler’s uploadFile (path /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1), where manipulating the file argument enables unrestricted uploads. Exploitation is remote and publicly...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2024/10/12 11:0 p.m.48 views

CVE-2024-9903

CVE-2024-9903 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The vulnerability is in the fileUpload function at /admin/File/fileUpload, where manipulating the file argument leads to unrestricted file upload. It can be triggered remotely and the exploit has been disclosed publicly. ...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2024/10/13 1:31 a.m.46 views

CVE-2024-9904

CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...

7.2CVSS4.8AI score0.00597EPSS
Web
CVE
CVE
added 2025/01/16 12:0 a.m.44 views

CVE-2024-57161

CVE-2024-57161 affects 07FLYCMS v1.3.9 . Multiple connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability targeting the endpoint "/erp.07fly.net:80/oa/OaWorkReport/edit.html". The root cause is a CSRF flaw allowing unauthorized actions in that API path (no explicit exploit det...

4.3CVSS7.7AI score0.00164EPSS
CVE
CVE
added 2025/07/06 8:32 a.m.28 views

CVE-2025-7078

CVE-2025-7078 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.3.9. The issue is a cross-site request forgery (CSRF) in unknown code, exploitable remotely and with a publicly disclosed exploit. Several connected sources (Red Hat, NVD, PT Security) corroborate the CSRF nature and affected ...

5.3CVSS4.6AI score0.00249EPSS