GCVE - cpe:2.3:a:n/a:07flycrm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:07flycrm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	07Flycrm (`f47bad07-ed5f-54dd-aac3-cd2e1ee109d0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-2965`	vulnerable	2026-06-08 07:55:17.903984	07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting LOW (2.4) A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-23T01:32:08.157Z Updated: 2026-02-23T13:46:48.205Z Open on db.gcve.eu Reference links https://vuldb.com/?id.347332 https://vuldb.com/?ctiid.347332 https://vuldb.com/?submit.755225 https://www.notion.so/07FlyCRM-Stored-Cross-Site-Scripting-XSS-in-SysModule-module-303ea92a3c4180d3a9a8e9f6c3d2915a?v=2ffea92a3c418057a8b7000c66564aa1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-7078`	vulnerable	2026-06-08 07:43:17.979263	07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery MEDIUM (4.3) A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-07-06T08:32:05.396Z Updated: 2025-07-07T16:21:20.599Z Open on db.gcve.eu Reference links https://vuldb.com/?id.314992 https://vuldb.com/?ctiid.314992 https://vuldb.com/?submit.603552 https://github.com/Excentique/yuxuan_mei/blob/main/07fly-crm_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10712`	vulnerable	2026-06-08 07:02:27.384776	07FLYCMS/07FLY-CMS/07FlyCRM login sql injection HIGH (7.3) A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-09-19T13:32:05.578Z Updated: 2025-09-19T13:52:12.058Z Open on db.gcve.eu Reference links https://vuldb.com/?id.325000 https://vuldb.com/?ctiid.325000 https://vuldb.com/?submit.644970 https://github.com/1276486/CVE/issues/13	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10711`	vulnerable	2026-06-08 07:02:27.384236	07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting MEDIUM (4.3) A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-09-19T12:32:11.985Z Updated: 2025-09-19T13:03:55.881Z Open on db.gcve.eu Reference links https://vuldb.com/?id.324999 https://vuldb.com/?ctiid.324999 https://vuldb.com/?submit.644969 https://github.com/1276486/CVE/issues/12	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10710`	vulnerable	2026-06-08 07:02:27.383720	07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting MEDIUM (4.3) A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-09-19T12:32:09.221Z Updated: 2025-09-19T13:04:33.430Z Open on db.gcve.eu Reference links https://vuldb.com/?id.324998 https://vuldb.com/?ctiid.324998 https://vuldb.com/?submit.644968 https://github.com/1276486/CVE/issues/11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9904`	vulnerable	2026-06-08 07:00:28.881334	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9903`	vulnerable	2026-06-08 07:00:28.878572	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9856`	vulnerable	2026-06-08 07:00:28.813705	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9855`	vulnerable	2026-06-08 07:00:28.811188	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.