CVE-2024-9904— 07FLYCMS、07FLY-CMS和07FLY CRM 代码问题漏洞

07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

危险类型文件的不加限制上传

07FLYCMS、07FLY-CMS和07FLY CRM 代码问题漏洞

07FLY CRM等都是中国零起飞（07FLY）公司的产品。07FLY CRM是一个 OA 办公系统。07FLY-CMS是一个自由和开放源码的内容管理系统。07FLYCMS是一个自由和开放源码的内容管理系统（CMS），它可以独立使用，满足各类企业网站开发建设的需要 07FLYCMS、07FLY-CMS和07FLY CRM 1.2.0版本之前存在代码问题漏洞，该漏洞源于/admin/File/pictureUpload文件的file参数包含一个不受限制的文件上传问题。

N/A

N/A