GCVE - cpe:2.3:a:07fly:07flycms:1.3.9:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:07fly:07flycms:1.3.9:*:*:*:*:*:*:*

part: a version: 1.3.9 update: *

Vendor	07Fly (`f2b08433-4d69-5b6b-adde-07d95d0a1c29`)
Product	07Flycms (`523a18c3-c428-5646-a3e3-aff0568ea1b2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-25379`	vulnerable	2026-06-08 07:12:51.156672	Details available Cross Site Request Forgery vulnerability in 07FLYCMS v.1.3.9 allows a remote attacker to execute arbitrary code via the id parameter of the del.html component. Published: 2025-02-28T00:00:00.000Z Updated: 2025-03-04T15:44:16.900Z Open on db.gcve.eu Reference links https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-57611`	vulnerable	2026-06-08 06:56:13.627627	Details available 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. Published: 2025-01-16T00:00:00.000Z Updated: 2025-02-03T18:51:11.248Z Open on db.gcve.eu Reference links https://github.com/daodaoshao/Yunpeng-Yin/tree/main/7/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-57159`	vulnerable	2026-06-08 06:56:13.397192	Details available 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. Published: 2025-01-16T00:00:00.000Z Updated: 2025-03-13T13:40:20.708Z Open on db.gcve.eu Reference links https://github.com/1091101/yang.xian/tree/main/6/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-51157`	vulnerable	2026-06-08 06:52:11.807678	Details available 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. Published: 2024-11-08T00:00:00.000Z Updated: 2024-11-18T14:13:04.340Z Open on db.gcve.eu Reference links https://github.com/xiaoyunzhui/cms/blob/main/2/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-51156`	vulnerable	2026-06-08 06:52:11.806230	Details available 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. Published: 2024-11-14T00:00:00.000Z Updated: 2024-11-18T18:10:08.440Z Open on db.gcve.eu Reference links https://github.com/SamParkerXd/cms/tree/main/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.