EUVD-2025-20135CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4Description
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Context
Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).
Affected Products
Affected products: 07Fly 07Flycms, 07Fly Customer Relationship Management
Remediation
Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today