CNNVD-202509-3067 Information
CNNVD ID
CNNVD-202509-3067
Related CVE
- CNNVD Published: 2025-09-19
Description (Chinese)
07FLY-CMS等都是中国零起飞(07FLY)公司的产品。07FLY-CMS是一个自由和开放源码的内容管理系统。07FLYCMS是一个自由和开放源码的内容管理系统。07Fly 07FLYCRM等都是中国零起飞(07Fly)公司的产品。07FLYCRM是一款客户关系管理系统。 07FLY多款产品存在代码注入漏洞,该漏洞源于对文件/index.php/sysmanage/Login中参数Name的错误操作,可能导致跨站脚本攻击。以下产品及版本受到影响:07FLYCMS、07FLY-CMS和07FlyCRM 20250831及之前版本。
Description (English)
Both 07FLY-CMS and others are Chinese Zero Takeoff (07FLY). 07FLY-CMS is a free and open source content management system. 07FLYCMS is a free and open source content management system. 07Fly 07FLYCRM and others are products of China Zero Take-off (07Fly). 07FLYCRM is a customer relationship management system. 07FLY multi-products have a code-in-the-code loophole, which results from an error in the use of the parameter name in the file/index.php/sysmanage/Login, which may result in a cross-site script attack. The following products and versions were affected: 07FLYCMS, 07FLY-CMS and 07FlyCRM 20250831 et seq.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
零起飞
Published
2025-09-19
Last Modified
2026-02-24
References
https://github.com/1276486/CVE/issues/12 https://vuldb.com/?ctiid.324999 https://vuldb.com/?id.324999 https://vuldb.com/?submit.644969 https://access.redhat.com/security/cve/cve-2025-10711
Share on: