07FLYCMS Cross-Site Request Forgery Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in 07FLYCMS version 1.3.9. This vulnerability allows remote attackers to execute arbitrary code by manipulating the 'id' parameter in the 'del.html' component.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the server where 07FLYCMS is installed.

Reproduction

To reproduce this vulnerability, send a request to the 'del.html' component with a crafted 'id' parameter. The request must be made in a way that bypasses the application's CSRF protections, such as through a malicious link or script that exploits the vulnerability.
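A defender-side check for the request pattern described above, added here as an example and not part of the original advisory or of 07FLYCMS itself: it scans web-server access logs for requests to del.html that arrived with a Referer from another site. The combined log format, the host name cms.example.test and the /admin/item/ path prefix are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the web server writes the common "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def cross_site_del_requests(lines, site_host):
    """Return requests to del.html whose Referer points at a different host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/del.html"):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host is None or ref_host == site_host.lower():
            continue  # same-site or no Referer: not flagged by this check
        ids = parse_qs(url.query).get("id", [])  # empty if id was in a POST body
        hits.append({"ip": m["ip"], "method": m["method"], "path": url.path,
                     "id": ids[0] if ids else None, "referer_host": ref_host,
                     "status": int(m["status"])})
    return hits

# Constructed sample lines (hosts, paths and addresses are placeholders).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /admin/item/del.html?id=12 HTTP/1.1" 200 512 "https://cms.example.test/admin/item/index.html" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jun/2025:19:41:30 +0000] "GET /admin/item/del.html?id=13 HTTP/1.1" 200 498 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Jun/2025:19:42:10 +0000] "POST /admin/item/del.html HTTP/1.1" 200 498 "https://other.example.net/form.html" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Jun/2025:19:43:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_site_del_requests(SAMPLE_LOG, "cms.example.test"):
        print(hit)
```

Requests that carry no Referer at all are not flagged, so privacy-stripping browsers and proxies can hide a forged request from this check; treat it as a triage aid alongside server-side CSRF token validation.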

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 7.5
exploitability: 7.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.