VYPR
Vendor

07fly

Products
3
CVEs
20
Across products
23
Status
Private

Products

3

Recent CVEs

20
  • CVE-2025-10712HigSep 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.…

  • CVE-2025-10710MedSep 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published…

  • CVE-2025-7078MedJul 6, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public…

  • CVE-2026-2965LowFeb 23, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site…

  • CVE-2015-6000Feb 6, 2020
    risk 0.09cvss epss 0.40

    Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an…

  • CVE-2025-25379Feb 28, 2025
    risk 0.00cvss epss 0.00

    Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

  • CVE-2024-57159Jan 16, 2025
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.

  • CVE-2024-57161Jan 16, 2025
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html

  • CVE-2024-57160Jan 16, 2025
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.

  • CVE-2024-57611Jan 16, 2025
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.

  • CVE-2024-51156Nov 14, 2024
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.

  • CVE-2024-51157Nov 8, 2024
    risk 0.00cvss epss 0.00

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.

  • CVE-2024-9904Oct 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be…

  • CVE-2024-9903Oct 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the…

  • CVE-2024-9855Oct 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In…

  • CVE-2023-5020Sep 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql…

  • CVE-2023-3058Jun 2, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been…

  • CVE-2020-22807Apr 29, 2021
    risk 0.00cvss epss 0.01

    An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.

  • CVE-2020-35418Apr 14, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.

  • CVE-2020-35419Apr 14, 2021
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.