CVE-2025-25379

Critical CVSS: 9.6

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component.

Vendor

07fly

Product

07flycms

CWE

CWE-352

Yayın Tarihi

2025-02-28 23:15:10

Güncelleme

2025-04-15 20:10:40

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-352 07flycms CRITICAL 07fly 2025

Referanslar

https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md

Benzer Kayıtlar

Medium

CVE-2025-7078

A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability…

Low

CVE-2024-57611

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&s…

Low

CVE-2024-57159

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.…

Medium

CVE-2024-57160

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.

Medium

CVE-2024-57161

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit…