Description

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Related CPE's

a

07fly

07flycms

Vulnerable

a

07fly

customer_relationship_management

Vulnerable

References

https://github.com/DeepMountains/Mirage/blob/main/CVE19-2.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.280180

Permissions RequiredVDB Entry

https://vuldb.com/?id.280180

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.421686

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Secondary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-13T02:15:15.257

1 year ago

Last modified

2025-07-30T15:01:41.237

5 months ago