CVE-2024-22939

Name of the Vulnerable Software and Affected Versions FlyCms version 1.0

Description A Cross Site Request Forgery vulnerability allows a remote attacker to execute arbitrary code via the "system/article/category edit" component. This issue enables attackers to perform unauthorized actions on behalf of authenticated users.

Recommendations For FlyCms version 1.0, as a temporary workaround, consider disabling access to the "system/article/category edit" component until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.