CVE-2024-57611

Name of the Vulnerable Software and Affected Versions 07FLYCMS version 1.3.9

Description The issue is related to Cross-Site Request Forgery (CSRF) that occurs via the "admin/doAdminAction.php?act=editShop&shopId" endpoint. This allows for unauthorized actions to be performed.

Recommendations For 07FLYCMS version 1.3.9, consider disabling access to the "admin/doAdminAction.php?act=editShop&shopId" endpoint until a patch is available. Restrict the use of the shopId variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.