VYPR
Vendor

Sunkaifei

Products
1
CVEs
19
Across products
19
Status
Private

Products

1

Recent CVEs

19
  • CVE-2025-15094MedDec 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the…

  • CVE-2025-15093MedDec 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation…

  • CVE-2024-27694Mar 4, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.

  • CVE-2024-22939Feb 1, 2024
    risk 0.00cvss epss 0.01

    Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.

  • CVE-2024-22548Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.

  • CVE-2024-22699Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.

  • CVE-2024-22591Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.

  • CVE-2024-22819Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.

  • CVE-2024-22601Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save

  • CVE-2024-22568Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.

  • CVE-2024-22592Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update

  • CVE-2024-22817Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte

  • CVE-2024-22593Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save

  • CVE-2024-22549Jan 18, 2024
    risk 0.00cvss epss 0.00

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.

  • CVE-2023-52074Jan 8, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.

  • CVE-2023-52073Jan 8, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.

  • CVE-2023-52072Jan 8, 2024
    risk 0.00cvss epss 0.00

    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.

  • CVE-2024-21732Jan 1, 2024
    risk 0.00cvss epss 0.00

    FlyCms through abbaa5a allows XSS via the permission management feature.

  • CVE-2020-19613Apr 1, 2021
    risk 0.00cvss epss 0.01

    Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.