VYPR

07FlyCRM

by 07fly

CVEs (5)

  • CVE-2025-10712HigSep 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.…

  • CVE-2024-9855MedOct 11, 2024
    risk 0.31cvss 4.7epss 0.01

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In…

  • CVE-2025-7078MedJul 6, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2026-2965LowFeb 23, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site…

  • CVE-2024-9856LowOct 11, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component System Settings Page. The manipulation of the argument Login Interface Copyright leads to cross site…