Every CVE whose affected-product data names Flycms Project Flycms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2024-22699 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.
CVE-2020-36065 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via…
CVE-2023-52072 — CVSS 8.8 (high): FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte.
CVE-2023-52073 — CVSS 8.8 (high): FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte.
CVE-2023-52074 — CVSS 8.8 (high): FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte.
CVE-2024-22819 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
CVE-2024-22818 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVE-2024-22817 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
CVE-2024-22591 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
CVE-2024-22592 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update
CVE-2024-22593 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save
CVE-2024-22601 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVE-2024-22603 — CVSS 8.8 (high): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVE-2020-19613 — CVSS 7.5 (high): Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
CVE-2024-27694 — CVSS 7.4 (high): FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.