Flycms
CVE-2024-27694
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
AnalysisAI
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. Affected products include: Flycms Project Flycms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagt
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_u
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_upda
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the syst
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. Rated hi
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save. Rated high se
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte. Rated high
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link. Rated high severity (
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. Rated high s
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save. Rated high seve
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update. Rated high severit
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. Rated high severity
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today