VYPR

07FLYCMS

by 07fly

CVEs (15)

  • CVE-2025-25379CriFeb 28, 2025
    risk 0.62cvss 9.6epss 0.00

    Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

  • CVE-2025-10712HigSep 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.…

  • CVE-2024-51156MedNov 14, 2024
    risk 0.31cvss 4.7epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.

  • CVE-2024-51157MedNov 8, 2024
    risk 0.31cvss 4.7epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.

  • CVE-2024-9904MedOct 13, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be…

  • CVE-2024-9903MedOct 12, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the…

  • CVE-2024-9855MedOct 11, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In…

  • CVE-2025-10710MedSep 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published…

  • CVE-2025-7078MedJul 6, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2024-57161MedJan 16, 2025
    risk 0.28cvss 4.3epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html

  • CVE-2024-57160MedJan 16, 2025
    risk 0.28cvss 4.3epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.

  • CVE-2024-57611LowJan 16, 2025
    risk 0.23cvss 3.5epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.

  • CVE-2024-57159LowJan 16, 2025
    risk 0.23cvss 3.5epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.

  • CVE-2026-2965LowFeb 23, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site…

  • CVE-2024-9856LowOct 11, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site…