9 matches found
CVE-2023-3058
CVE-2023-3058 affects 07FLY CRM up to version 1.2.0, with the vulnerable area in the User Profile Handler. The issue enables cross-site scripting and can be exploited remotely; exploits have been disclosed. Available sources indicate the patch status is unclear, and at least one reference recomme...
CVE-2023-5020
CVE-2023-5020 describes a SQL injection in 07FLY CRM V2, affecting the Administrator Login Page at /index.php/sysmanage/Login/login_auth/ via the account parameter. The vulnerability can be exploited remotely and is rated critical/high across sources, with remote network access and no complexity/...
CVE-2024-9856
CVE-2024-9856 affects 07FLYCMS/07FLY-CMS/07FlyCRM v1.3.8. A vulnerability in the System Settings Page, via manipulation of the Login Interface Copyright, enables cross-site scripting. The issue can be exploited remotely and the exploit has been disclosed publicly. Affected products are also refer...
CVE-2024-57160
07FLYCMS v1.3.9 is associated with CVE-2024-57160 due to a Cross‑Site Request Forgery (CSRF) via the endpoint /erp.07fly.net:80/oa/OaTask/edit.html. The connected sources corroborate a CSRF issue affecting this specific version; no exploitable details or active exploit status are provided in the ...
CVE-2024-9855
CVE-2024-9855 affects 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8. The vulnerability lies in Module Plug-In Handler’s uploadFile (path /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1), where manipulating the file argument enables unrestricted uploads. Exploitation is remote and publicly...
CVE-2024-9903
CVE-2024-9903 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The vulnerability is in the fileUpload function at /admin/File/fileUpload, where manipulating the file argument leads to unrestricted file upload. It can be triggered remotely and the exploit has been disclosed publicly. ...
CVE-2024-9904
CVE-2024-9904 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.2.0. The flaw is in the function pictureUpload under /admin/File/pictureUpload, where manipulating the file argument enables unrestricted remote upload. Exploitation has been publicly disclosed; multiple sources corroborate th...
CVE-2024-57161
CVE-2024-57161 affects 07FLYCMS v1.3.9 . Multiple connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability targeting the endpoint "/erp.07fly.net:80/oa/OaWorkReport/edit.html". The root cause is a CSRF flaw allowing unauthorized actions in that API path (no explicit exploit det...
CVE-2025-7078
CVE-2025-7078 affects 07FLYCMS, 07FLY-CMS and 07FlyCRM up to version 1.3.9. The issue is a cross-site request forgery (CSRF) in unknown code, exploitable remotely and with a publicly disclosed exploit. Several connected sources (Red Hat, NVD, PT Security) corroborate the CSRF nature and affected ...