07fly
Products (3)
- 14 CVEs
- 6 CVEs
- 3 CVEs
Recent CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10712 | | Hig | 0.47 | 7.3 | 0.00 | | Sep 19, 2025 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.… |
| CVE-2025-10710 | | Med | 0.28 | 4.3 | 0.00 | | Sep 19, 2025 | A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published… |
| CVE-2025-7078 | | Med | 0.28 | 4.3 | 0.00 | | Jul 6, 2025 | A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public… |
| CVE-2026-2965 | | Low | 0.16 | 2.4 | 0.00 | | Feb 23, 2026 | A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site… |
| CVE-2015-6000 | | | 0.09 | — | 0.40 | | Feb 6, 2020 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an… |
| CVE-2025-25379 | | | 0.00 | — | 0.00 | | Feb 28, 2025 | Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. |
| CVE-2024-57159 | | | 0.00 | — | 0.00 | | Jan 16, 2025 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. |
| CVE-2024-57161 | | | 0.00 | — | 0.00 | | Jan 16, 2025 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html |
| CVE-2024-57160 | | | 0.00 | — | 0.00 | | Jan 16, 2025 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html. |
| CVE-2024-57611 | | | 0.00 | — | 0.00 | | Jan 16, 2025 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. |
| CVE-2024-51156 | | | 0.00 | — | 0.00 | | Nov 14, 2024 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. |
| CVE-2024-51157 | | | 0.00 | — | 0.00 | | Nov 8, 2024 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. |
| CVE-2024-9904 | | | 0.00 | — | 0.01 | | Oct 13, 2024 | A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be… |
| CVE-2024-9903 | | | 0.00 | — | 0.01 | | Oct 12, 2024 | A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the… |
| CVE-2024-9855 | | | 0.00 | — | 0.01 | | Oct 11, 2024 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In… |
| CVE-2023-5020 | | | 0.00 | — | 0.01 | | Sep 17, 2023 | A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql… |
| CVE-2023-3058 | | | 0.00 | — | 0.01 | | Jun 2, 2023 | A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been… |
| CVE-2020-22807 | | | 0.00 | — | 0.01 | | Apr 29, 2021 | An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. |
| CVE-2020-35418 | | | 0.00 | — | 0.01 | | Apr 14, 2021 | Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. |
| CVE-2020-35419 | | | 0.00 | — | 0.01 | | Apr 14, 2021 | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. |