flycms_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk csrf、vendor risk cross-site scripting, and vendor risk ssrf があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-27694 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | [email protected] | 7.4 | 0.06% | 2024-03-04 | 2025-04-16 |
| CVE-2024-22819 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-02 |
| CVE-2024-22818 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-09 |
| CVE-2024-22817 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-05 |
| CVE-2024-22603 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2024-11-21 |
| CVE-2024-22601 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-20 |
| CVE-2024-22699 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. | [email protected] | 8.8 | 0.20% | 2024-01-18 | 2025-06-05 |
| CVE-2024-22593 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2024-11-21 |
| CVE-2024-22592 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-02 |
| CVE-2024-22591 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-20 |
| CVE-2024-22568 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | [email protected] | 8.8 | 0.06% | 2024-01-18 | 2025-06-20 |
| CVE-2024-22549 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | [email protected] | 5.4 | 0.08% | 2024-01-18 | 2025-06-20 |
| CVE-2024-22548 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | [email protected] | 5.4 | 0.09% | 2024-01-18 | 2025-06-05 |
| CVE-2023-52074 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | [email protected] | 8.8 | 0.15% | 2024-01-08 | 2025-06-13 |
| CVE-2023-52073 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | [email protected] | 8.8 | 0.15% | 2024-01-08 | 2025-06-03 |
| CVE-2023-52072 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | [email protected] | 8.8 | 0.15% | 2024-01-08 | 2025-04-17 |
| CVE-2024-21732 | FlyCms through abbaa5a allows XSS via the permission management feature. | [email protected] | 6.1 | 0.19% | 2024-01-01 | 2025-06-03 |
| CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | [email protected] | 8.8 | 0.11% | 2023-05-08 | 2025-01-29 |
| CVE-2020-19613 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | [email protected] | 7.5 | 0.29% | 2021-04-01 | 2024-11-21 |