CVE-2024-51156

MEDIUM

07flycms V1.3.9 - Cross-Site Request Forgery via SysNotifyUser Delete Endpoint

Title source: llm

Description

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.

References (1)

Core 1

Core References

Exploit

https://github.com/SamParkerXd/cms/tree/main/1

View Exploit ZIP pw:eip

Scores

CVSS v3 4.7

EPSS 0.0019

EPSS Percentile 9.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

07fly/07flycms 1.3.9

Published Nov 14, 2024

Tracked Since Feb 18, 2026