CNNVD-202509-3074 Information
CNNVD ID
CNNVD-202509-3074
Related CVE
- CNNVD Published: 2025-09-19
Description (Chinese)
07FLY-CMS等都是中国零起飞(07FLY)公司的产品。07FLY-CMS是一个自由和开放源码的内容管理系统。07FLYCMS是一个自由和开放源码的内容管理系统。07Fly 07FLYCRM等都是中国零起飞(07Fly)公司的产品。07FLYCRM是一款客户关系管理系统。 07FLY多款产品存在SQL注入漏洞,该漏洞源于对文件/index.php/Login/login中参数Username的错误操作,可能导致SQL注入攻击。以下产品及版本受到影响:07FLYCMS、07FLY-CMS和07FlyCRM 20250831及之前版本。
Description (English)
Both 07FLY-CMS and others are Chinese Zero Takeoff (07FLY). 07FLY-CMS is a free and open source content management system. 07FLYCMS is a free and open source content management system. 07Fly 07FLYCRM and others are products of China Zero Take-off (07Fly). 07FLYCRM is a customer relationship management system. There is an SQL injection loophole in the 07FLY multi-products, which stems from an error in the use of the parameter Username in the document/index.php/Login/login, which could lead to an SQL injection attack. The following products and versions were affected: 07FLYCMS, 07FLY-CMS and 07FlyCRM 20250831 et seq.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
零起飞
Published
2025-09-19
Last Modified
2026-02-24
References
https://github.com/1276486/CVE/issues/13 https://vuldb.com/?ctiid.325000 https://vuldb.com/?id.325000 https://vuldb.com/?submit.644970 https://access.redhat.com/security/cve/cve-2025-10712
Share on: