A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function
fileUpload
of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-9903. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.