Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload
Vulnerability Description
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
07FLYCMS、07FLY-CMS和07FLY CRM 代码问题漏洞
Vulnerability Description
07FLY CRM等都是中国零起飞(07FLY)公司的产品。07FLY CRM是一个 OA 办公系统。07FLY-CMS是一个自由和开放源码的内容管理系统。07FLYCMS是一个自由和开放源码的内容管理系统(CMS),它可以独立使用,满足各类企业网站开发建设的需要 07FLYCMS、07FLY-CMS和07FLY CRM 1.2.0版本之前存在代码问题漏洞,该漏洞源于/admin/File/pictureUpload文件的file参数包含一个不受限制的文件上传问题。
CVSS Information
N/A
Vulnerability Type
N/A