汇总 flycms_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 CSRF、跨站脚本与SSRF,在 生产负载与软件部署 使用场景中可能带来 会话劫持 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-27694 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. | [email protected] | 7.4 | 0.24% | 2024-03-04 | 2026-06-17 |
| CVE-2024-22819 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22818 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22817 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22603 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link | [email protected] | 8.8 | 0.33% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22601 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save | [email protected] | 8.8 | 0.24% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22699 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. | [email protected] | 8.8 | 0.35% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22593 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22592 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22591 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. | [email protected] | 8.8 | 0.32% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22568 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. | [email protected] | 8.8 | 0.29% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22549 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | [email protected] | 5.4 | 0.38% | 2024-01-18 | 2026-06-17 |
| CVE-2024-22548 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | [email protected] | 5.4 | 0.44% | 2024-01-18 | 2026-06-17 |
| CVE-2023-52074 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | [email protected] | 8.8 | 0.29% | 2024-01-08 | 2026-06-17 |
| CVE-2023-52073 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | [email protected] | 8.8 | 0.29% | 2024-01-08 | 2026-06-17 |
| CVE-2023-52072 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | [email protected] | 8.8 | 0.29% | 2024-01-08 | 2026-06-17 |
| CVE-2024-21732 | FlyCms through abbaa5a allows XSS via the permission management feature. | [email protected] | 6.1 | 0.43% | 2024-01-01 | 2026-06-17 |
| CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | [email protected] | 8.8 | 0.34% | 2023-05-08 | 2026-06-16 |
| CVE-2020-19613 | Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | [email protected] | 7.5 | 1.26% | 2021-04-01 | 2026-06-16 |