CVE-2025-7078

Medium CVSS: 5.3

A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

07fly

Product

07flycms

CWE

CWE-352

Yayın Tarihi

2025-07-06 09:15:23

Güncelleme

2025-11-06 22:23:01

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-352 07flycms MEDIUM 07fly 2025

Referanslar

https://github.com/Excentique/yuxuan_mei/blob/main/07fly-crm_1.md https://vuldb.com/?ctiid.314992 https://vuldb.com/?id.314992 https://vuldb.com/?submit.603552 https://github.com/Excentique/yuxuan_mei/blob/main/07fly-crm_1.md

Benzer Kayıtlar

Critical

CVE-2025-25379

Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the…

Low

CVE-2024-57611

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&s…

Low

CVE-2024-57159

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.…

Medium

CVE-2024-57160

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.

Medium

CVE-2024-57161

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit…