07fly 07flycms

10 CVEs affecting 07fly 07flycms. Latest disclosed: 2025-07-06. Critical: 1, High: 0.

Top CVEs affecting 07fly 07flycms
CVESeverityScorePublishedSummary
CVE-2025-25379Critical9.62025-02-28Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.
CVE-2024-51156Medium4.72024-11-1407FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.
CVE-2024-51157Medium4.72024-11-0807FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html.
CVE-2024-9904Medium4.72024-10-13A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the…
CVE-2024-9903Medium4.72024-10-12A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/…
CVE-2024-9855Medium4.72024-10-11A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFil…
CVE-2025-7078Medium4.32025-07-06A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation…
CVE-2024-57611Low3.52025-01-1607FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
CVE-2024-57159Low3.52025-01-1607FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
CVE-2024-9856Low2.42024-10-11A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been rated as problematic. Affected by this issue is some unknown functionality of…